Rust Announces Key Security and Interoperability Advances in Annual Tech Report

The Rust Foundation has released its second annual technology report, highlighting significant advancements in security, interoperability, and tooling. Among the key highlights is the full launch of GitHub Actions authentication on crates.io, which employs cryptographically signed tokens to enhance supply chain security and streamline workflows for maintainers. The report also showcases major progress on crate signing infrastructure using The Update Framework (TUF), including three full repository implementations and stakeholder consensus.

Other notable developments include the integration of the Ferrocene Language Specification (FLS) into the Rust Project, marking a critical step toward a formal Rust language specification and laying the groundwork for broader safety certification and formal tooling. The report also mentions a 75% reduction in CI infrastructure costs while maintaining contributor workflow stability, achieved through Infrastructure-as-Code management. Additionally, the Safety-Critical Rust Consortium has expanded, with multiple international meetings and advances on coding guidelines aligned with safety standards like MISRA.

Collaborations with ISO C++ standards bodies have also been finalized, aiming to enhance Rust adoption in legacy C++ environments without compromising safety. The report acknowledges ongoing funding from the OpenSSF’s Alpha-Omega Project and infrastructure donations from organizations such as AWS, GitHub, and Mullvad VPN, which supported initiatives such as GitHub Secret Scanning and automated incident response for Trusted Publishing. A new formal verification tool, ESBMC, has been integrated into the Rust verification workflow, expanding the scope and flexibility of verification efforts. This achievement is part of broader collaboration between the Rust and formal verification communities, with AWS supporting efforts to validate automated C-to-Rust translations.