Actually use security framework
Describe the solution you'd like
It'd be nice to actually apply the security framework when building.
Describe alternatives you've considered
Ignoring security problems won't help.
So, what I am thinking is a settings configuration in `tauri.conf.js` that looks something like this:
```js
security: {
  rust: {
    check: ['warn', 'throw', 'fix'],
    service: ['cargo-audit', 'antivuln', 'snyk'],
    command: ''
  },
  node: {
    check: ['warn', 'throw', 'fix'],
    service: ['npm', 'yarn', 'antivuln', 'snyk'],
    command: ''
  }
}
```
As well as a CLI command `tauri audit` that hooks into the same logic.
Here are some nice Rust resources: https://github.com/rust-secure-code/projects
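One way a build step or a `tauri audit` command could resolve the proposed `security` block into concrete audit invocations, shown as an added example that is not part of the issue or of Tauri's code. It assumes `check` and `service` each hold one chosen value, that `warn` reports only while `throw` and `fix` fail the build on a non-zero exit, and that services outside the small built-in table (for example `antivuln` or `snyk`) are supplied through `command`; `planAudit`, `outcome` and `SAMPLE_SECURITY` are hypothetical names.

```javascript
// Added illustration, not Tauri code. Meanings of warn/throw/fix are assumptions.
const CHECK_MODES = ['warn', 'throw', 'fix'];
// Audit CLIs known to exist. `cargo audit fix` needs cargo-audit built with
// its "fix" feature; Yarn 1's `yarn audit` has no fix mode.
const AUDIT_COMMANDS = {
  rust: { 'cargo-audit': { scan: ['cargo', 'audit'], fix: ['cargo', 'audit', 'fix'] } },
  node: {
    npm: { scan: ['npm', 'audit'], fix: ['npm', 'audit', 'fix'] },
    yarn: { scan: ['yarn', 'audit'], fix: null },
  },
};

// Own-property lookup so names like "constructor" never resolve via the prototype.
const own = (obj, key) =>
  Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;

// Turn the proposed `security` block into one argv per ecosystem.
function planAudit(security) {
  return Object.entries(security || {}).map(([ecosystem, cfg]) => {
    const tools = own(AUDIT_COMMANDS, ecosystem);
    if (!tools) throw new Error(`unknown ecosystem "${ecosystem}"`);
    if (!CHECK_MODES.includes(cfg.check)) {
      throw new Error(`${ecosystem}.check must be one of: ${CHECK_MODES.join(', ')}`);
    }
    let argv;
    if (typeof cfg.command === 'string' && cfg.command.trim()) {
      // Explicit override; split into argv so it can be spawned without a shell.
      argv = cfg.command.trim().split(/\s+/);
    } else {
      const tool = own(tools, cfg.service);
      if (!tool) throw new Error(`${ecosystem}.service "${cfg.service}" needs a command`);
      argv = cfg.check === 'fix' ? tool.fix : tool.scan;
      if (!argv) throw new Error(`${cfg.service} has no fix mode`);
    }
    return { ecosystem, argv, failBuild: cfg.check !== 'warn' };
  });
}

// Map the audit tool's exit code to a build decision.
function outcome(step, exitCode) {
  if (exitCode === 0) return 'pass';
  return step.failBuild ? 'fail' : 'warn';
}
// Constructed sample config in the shape proposed above.
const SAMPLE_SECURITY = {
  rust: { check: 'warn', service: 'cargo-audit', command: '' },
  node: { check: 'throw', service: 'npm', command: '' },
};
console.log(planAudit(SAMPLE_SECURITY).map((s) => s.argv.join(' ')));
```

Rejecting unknown modes and services up front keeps a typo in the config from silently skipping the audit.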
Some of this stuff will be built into the prop testing that I am implementing. Others can be manually attached to it later. Conditional compilation will allow us to build a pipeline to be able to compose and attach these tools to a dev or even production build to see some of these elements. I may just take this issue as a result of the testing stuff that I am adding and how it relates tangentially to what we are discussing here. (At least from the Rust side)
Security plug-in
Bumping this issue, because it's time to manufacture `tauri audit`.
I'll start to work on this issue