tauri icon indicating copy to clipboard operation
tauri copied to clipboard

Published 20 hours ago verified publisher icon tauri-apps

Actually use security framework

Open nothingismagick opened this issue 4 years ago • 5 comments

Describe the solution you'd like It'd be nice to actually apply the security framework when building.

Describe alternatives you've considered Ignoring security problems won't help.

nothingismagick avatar Nov 24 '19 16:11 nothingismagick

So, what I am thinking is a settings configuration in tauri.conf.js that looks something like this:

security: {
  rust: {
    check: [warn, throw, fix],
    service: [cargo-audit, antivuln, snyk],
    command: ''
  },
  node: {
    check: [warn, throw, fix],
    service: [npm, yarn, antivuln, snyk],
    command: ''
  }
}

As well as a CLI command tauri audit that hooks into the same logic.

nothingismagick avatar Nov 30 '19 09:11 nothingismagick

Here are some nice rust resources https://github.com/rust-secure-code/projects

nothingismagick avatar Nov 30 '19 09:11 nothingismagick

Some of this stuff will be built into the prop testing that I am implementing. Others can be manually attached to it later. Conditional compilation will allow us to build a pipeline to be able to compose and attach these tools to a dev or even production build to see some of these elements. I may just take this issue as a result of the testing stuff that I am adding and how it relates tangentially to what we are discussing here. (At least from the rust side)

tensor-programming avatar Dec 28 '19 01:12 tensor-programming

Security plug-in

0903554Emmanuel avatar May 14 '22 05:05 0903554Emmanuel

Bumping this issue, because its time to manufacture tauri audit.

nothingismagick avatar Aug 10 '22 11:08 nothingismagick

I'll start to work on this issue

dobleuber avatar Nov 27 '23 21:11 dobleuber