libmagic-rs achieves OpenSSF Best Practices Silver badge (283% and climbing)

[unclesp1d3r]

We're happy to announce that libmagic-rs has earned the OpenSSF Best Practices Silver badge, currently sitting at 283% across the OpenSSF criteria.

For a project aiming to provide a memory-safe alternative to a foundational Unix utility, earning this badge felt like the right bar to clear early rather than bolt on later. The Silver criteria pushed us to formalize practices we were already leaning toward: consistent CI across Ubuntu, Windows, and macOS; documented security hardening and contribution guidelines; build-time rule compilation with no external dependencies; and a full documentation system with migration guides for teams evaluating a switch from the C implementation.

What this means in practice:

• Automated testing and formatting enforcement on every commit across all three major platforms
• Published security policy and coordinated disclosure process
• Comprehensive docs covering usage, architecture, and migration path from C libmagic
• Dependency management with automated vulnerability scanning
• Reproducible builds with no reliance on binary .mgc files

On the road to Gold: at 283%, most of the remaining gap comes down to the bus factor requirement. Gold requires at least two contributors with a meaningful understanding of the codebase. The code, docs, and processes are there; what we need is people. If you're interested in Rust, file format internals, or building memory-safe alternatives to established C tooling, this is a good project to get involved with. The architecture is clean, the CI is solid, and there's real work to be done on format coverage and performance.

Issues, PRs, and feedback are all welcome.