Version management
Native Git protocol over HTTP and SSH. Bare repositories on local disk, branches, tags, post-receive hooks — everything your developers expect.
The software forge simple
Gitrust is a self-hosted Git forge, written 100% in Rust, compliant with ANSSI PA-074 requirements. Take back control of your code without sacrificing security.
✓ Native HTTP + SSH — compatible with all your Git clients
✓ Fine permissions, multi-team, clear roles
✓ With or without cloud: bare-metal, VPS, nginx or HAProxy
✓ Zero CDN, zero telemetry, zero imposed cloud dependency
Rust memory-safe
100% Rust base with #![forbid(unsafe_code)] on critical crates. No UB, no memory leak.
ANSSI PA-074 compliant
Strict lints, supplier audit, zeroize on secrets, RSA keys >= 4096 bits.
With or without cloud
Total self-hosted: bare-metal, VPS, behind nginx stream or HAProxy. PROXY protocol v1/v2 preserves the real client IPs, regardless of the reverse-proxy in front. No data leaves your servers.
Hardened HTTP + SSH
Native Git protocol over HTTP and SSH. Layer ssh-guard integrated: brute-force detection, key scanning, TCP rate-limit by IP, admin UI for bans and ACLs, stable JSON events compatible with fail2ban.
SBOM & Dependency-Track
Integrated CycloneDX generation, continuous vulnerability analysis.
Multi-team
Clear roles: Reader, Developer, Maintainer, Owner. Individual ∪ team permissions.
What Gitrust does
A complete self-hosted Git forge, designed for teams who want ANSSI rigor without sacrificing modern development ergonomics.
Collaboration
Pull requests, issues, labels, teams and hierarchical roles (Reader / Developer / Maintainer / Owner). Fine permissions at the individual × team intersection.
Continuous integration
IC Dagger integrated two-stage — Declarative Easy Mode for 90% of cases, programmable Power Mode in Go/Python for advanced pipelines. No external runner required.
SBOM & dependencies
Generation CycloneDX automatic for each project, integration Dependency-Track native. Continuous audit of CVEs without external scanning, ANSSI PA-074 traceability.
A simple and audited stack
Rust + axum server rating · PostgreSQL for persistence HTMX + Tailwind browser side — pure SSR, no JS framework, no CDN. Less than 300 KB of JavaScript on the heaviest page.