
Analyzes C/C++ binaries for code size, static variables and stack usages. It creates a report with disassembler and call-stack analysis per directory, file, or function.
Install with pip:
pip install puncover
Run it by passing the binary to analyze:
puncover project.elf
...
* Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
Open the link in your browser to view the analysis.
You can also use uvx to run the script without installing globally:
uvx puncover project.elf
To run the tests locally, you need to install the development dependencies. This project uses uv to manage the Python environment.
uv venv && source .venv/bin/activate
uv sync
Then you can run the tests with tox (note that this will fail if any of the supported Python versions aren't found, see tox.ini):
tox
or, to target only the current python on $PATH:
tox -e py
See release.sh for a script that automates the release steps listed below. It requires uv to be installed. This example works with PyPI tokens (now required):
PUNCOVER_VERSION=0.3.5 PYPI_TOKEN=<pypi token> ./release.sh
Only for reference, the release script should take care of all of this.
Update the version in puncover/__version__.py.
Commit the version update:
git add . && git commit -m "Bump version to x.y.z"
Create an annotated tag:
git tag -a {-m=,}x.y.z
Push the commit and tag:
git push && git push --tags
Either wait for the GitHub Action to complete and download the release artifact for uploading (https://github.com/HBehrens/puncover/actions), or build the package locally:
python setup.py sdist bdist_wheel
Upload the package to PyPI:
twine upload dist/*
Create GitHub releases:
gh release create --generate-notes x.y.z
gh release upload x.y.z dist/*
Contributions are welcome! Please open an issue or pull request on GitHub.
FAQs
Analyses C/C++ build output for code size, static variables, and stack usage.
We found that puncover demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.