tauri-apps / tauri

Build smaller, faster, and more secure desktop and mobile applications with a web frontend.
https://tauri.app
Apache License 2.0
83.58k stars 2.51k forks

Actually use security framework #64

Open nothingismagick opened 4 years ago

nothingismagick commented 4 years ago

Describe the solution you'd like: It'd be nice to actually apply the security framework when building.

Describe alternatives you've considered: Ignoring security problems won't help.

nothingismagick commented 4 years ago

So, what I am thinking is a settings configuration in tauri.conf.js that looks something like this:

security: {
  rust: {
    check: ['warn', 'throw', 'fix'],
    service: ['cargo-audit', 'antivuln', 'snyk'],
    command: ''
  },
  node: {
    check: ['warn', 'throw', 'fix'],
    service: ['npm', 'yarn', 'antivuln', 'snyk'],
    command: ''
  }
}

As well as a CLI command tauri audit that hooks into the same logic.
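One way the proposed `security` block could drive a build step, as an added example that is not part of the issue or of Tauri's code. It assumes the bracketed lists above are the allowed choices and that a real config picks one `check` and one `service` per ecosystem; `SERVICES`, `planAudit` and `verdict` are hypothetical names.

```javascript
'use strict';
// Hypothetical sketch: SERVICES, MODES, planAudit and verdict are illustrative
// names, not Tauri APIs. One check mode and one service per ecosystem (assumption).
const MODES = ['warn', 'throw', 'fix'];
const SERVICES = {
  rust: {
    // `cargo audit fix` needs cargo-audit installed with its `fix` feature.
    'cargo-audit': { audit: ['cargo', 'audit'], fix: ['cargo', 'audit', 'fix'] },
  },
  node: {
    npm: { audit: ['npm', 'audit'], fix: ['npm', 'audit', 'fix'] },
    yarn: { audit: ['yarn', 'audit'] }, // yarn v1 has no fix subcommand
  },
};

// Validate the config and return the commands to spawn, as argv arrays (no shell).
function planAudit(security) {
  return Object.entries(security).map(([eco, cfg]) => {
    if (!SERVICES[eco]) throw new Error(`unknown ecosystem "${eco}"`);
    if (!MODES.includes(cfg.check)) {
      throw new Error(`${eco}.check must be one of: ${MODES.join(', ')}`);
    }
    const builtin = SERVICES[eco][cfg.service];
    // A non-empty `command` overrides the built-in; it is required for services
    // this sketch has no command line for (antivuln, snyk).
    const custom = cfg.command ? cfg.command.trim().split(/\s+/) : null;
    if (!custom && !builtin) {
      throw new Error(`${eco}.service "${cfg.service}" needs an explicit command`);
    }
    const action = cfg.check === 'fix' ? 'fix' : 'audit';
    const argv = custom || builtin[action];
    if (!argv) throw new Error(`${cfg.service} cannot "${action}"; use warn or throw`);
    return { eco, check: cfg.check, argv };
  });
}

// Map an auditor's exit status to a build decision. npm audit, yarn audit and
// cargo audit all exit non-zero when they report vulnerabilities.
function verdict(check, exitCode) {
  if (exitCode === 0) return 'pass';
  return check === 'warn' ? 'continue-with-warning' : 'fail-build';
}

// Constructed sample config in the shape proposed above.
const sample = {
  rust: { check: 'throw', service: 'cargo-audit', command: '' },
  node: { check: 'warn', service: 'npm', command: '' },
};
```

A build script would spawn each `argv` from `planAudit(sample)` and pass the child's exit status to `verdict` to decide whether the build continues.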

nothingismagick commented 4 years ago

Here are some nice rust resources https://github.com/rust-secure-code/projects

tensor-programming commented 4 years ago

Some of this stuff will be built into the prop testing that I am implementing. Others can be manually attached to it later. Conditional compilation will allow us to build a pipeline to be able to compose and attach these tools to a dev or even production build to see some of these elements. I may just take this issue as a result of the testing stuff that I am adding and how it relates tangentially to what we are discussing here. (At least from the rust side)

0903554Emmanuel commented 2 years ago

Security plug-in

nothingismagick commented 2 years ago

Bumping this issue, because it's time to manufacture tauri audit.

dobleuber commented 10 months ago

I'll start to work on this issue

vednig commented 1 month ago

@dobleuber status?

dobleuber commented 3 weeks ago

> @dobleuber status?

Hey, Sorry! Many things happened to me. I haven't continued working on this.