Open nothingismagick opened 4 years ago
So, what I am thinking is a settings configuration in tauri.conf.js that looks something like this:
security: {
  rust: {
    check: ['warn', 'throw', 'fix'],
    service: ['cargo-audit', 'antivuln', 'snyk'],
    command: ''
  },
  node: {
    check: ['warn', 'throw', 'fix'],
    service: ['npm', 'yarn', 'antivuln', 'snyk'],
    command: ''
  }
}
As well as a CLI command tauri audit that hooks into the same logic.
Here are some nice rust resources https://github.com/rust-secure-code/projects
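
One way the proposed `security` block could be resolved into audit steps, as an added example that is not part of the original issue or Tauri's own code. The helper names `resolveAuditPlan` and `buildOutcome`, the outcome strings, and the reading of `check` and `service` as a single chosen value are assumptions.

```javascript
// Added example (hypothetical helper names); `check` and `service` are each
// assumed to hold ONE value chosen from the options listed in the issue.
const CHECKS = ['warn', 'throw', 'fix'];
const SERVICES = {
  rust: ['cargo-audit', 'antivuln', 'snyk'],
  node: ['npm', 'yarn', 'antivuln', 'snyk'],
};
// Default commands for the services whose CLI is used here; any other
// service must be given explicitly through `command`.
const DEFAULTS = {
  rust: { 'cargo-audit': { audit: 'cargo audit', fix: null } },
  node: {
    npm: { audit: 'npm audit', fix: 'npm audit fix' },
    yarn: { audit: 'yarn audit', fix: null },
  },
};

// Validate the config and turn it into one audit step per ecosystem.
// Unknown values throw, so a typo can never silently disable the audit.
function resolveAuditPlan(security) {
  return Object.entries(security).map(([ecosystem, cfg]) => {
    const allowed = SERVICES[ecosystem];
    if (!allowed) throw new Error(`unknown ecosystem "${ecosystem}"`);
    if (!CHECKS.includes(cfg.check)) throw new Error(`${ecosystem}: bad check "${cfg.check}"`);
    if (!allowed.includes(cfg.service)) throw new Error(`${ecosystem}: bad service "${cfg.service}"`);
    const known = DEFAULTS[ecosystem][cfg.service];
    const command = cfg.command || (known && known.audit);
    if (!command) throw new Error(`${ecosystem}: "${cfg.service}" needs an explicit command`);
    const canFix = cfg.check === 'fix' && !cfg.command && known && known.fix;
    // "fix" without a known fixer fails closed to "throw", not down to "warn".
    const mode = cfg.check === 'fix' && !canFix ? 'throw' : cfg.check;
    return { ecosystem, command, fixCommand: canFix || null, mode };
  });
}

// Decide what the build does once a step has reported its advisory count.
function buildOutcome(step, advisoryCount) {
  if (advisoryCount === 0) return 'pass';
  if (step.mode === 'warn') return 'pass-with-warning';
  if (step.mode === 'fix') return 'fix-then-reaudit';
  return 'fail';
}
```
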
Some of this stuff will be built into the prop testing that I am implementing. Others can be manually attached to it later. Conditional compilation will allow us to build a pipeline to be able to compose and attach these tools to a dev or even production build to see some of these elements. I may just take this issue as a result of the testing stuff that I am adding and how it relates tangentially to what we are discussing here. (At least from the rust side)
Security plug-in
Bumping this issue, because it's time to manufacture tauri audit.
I'll start to work on this issue
@dobleuber status?
Hey, Sorry! Many things happened to me. I haven't continued working on this.
Describe the solution you'd like
It'd be nice to actually apply the security framework when building.
Describe alternatives you've considered
Ignoring security problems won't help.