The Wayback Machine - https://web.archive.org/web/20210817162355/https://github.com/tauri-apps/tauri/issues/64
Actually use security framework #64

Open
nothingismagick opened this issue Nov 24, 2019 · 3 comments

Comments

Member

@nothingismagick nothingismagick commented Nov 24, 2019

Describe the solution you'd like
It'd be nice to actually apply the security framework when building.

Describe alternatives you've considered
Ignoring security problems won't help.

Member Author

@nothingismagick nothingismagick commented Nov 30, 2019

So, what I am thinking is a settings configuration in tauri.conf.js that looks something like this:

security: {
  rust: {
    check: [warn, throw, fix],
    service: [cargo-audit, antivuln, snyk],
    command: ''
  },
  node: {
    check: [warn, throw, fix],
    service: [npm, yarn, antivuln, snyk],
    command: ''
  }
}

As well as a CLI command tauri audit that hooks into the same logic.
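One way a build step or the proposed `tauri audit` command could interpret the configuration sketched above, as an added example that is not part of the original issue or of Tauri's code. It assumes each field holds one value chosen from the listed options; `planAudit`, `verdict` and the `KNOWN` table are hypothetical names.

```javascript
// Added example (not Tauri code): resolve the proposed `security` block into
// audit steps. Only tools with a well-known CLI are listed; any other service
// (antivuln, for instance) must be given through the `command` field.
const own = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
const KNOWN = {
  rust: { 'cargo-audit': { audit: ['cargo', 'audit'] } },
  node: {
    npm: { audit: ['npm', 'audit'], fix: ['npm', 'audit', 'fix'] },
    yarn: { audit: ['yarn', 'audit'] },
  },
};
const MODES = ['warn', 'throw', 'fix'];

function planAudit(security) {
  const steps = [];
  for (const [eco, cfg] of Object.entries(security)) {
    if (!own(KNOWN, eco)) throw new Error(`unknown ecosystem: ${eco}`);
    if (!MODES.includes(cfg.check)) {
      throw new Error(`${eco}.check must be one of ${MODES.join(', ')}`);
    }
    let argv;
    if (cfg.command) {
      // Assumption: a custom command is split on whitespace into an argv
      // array so it can be spawned without passing through a shell.
      argv = cfg.command.trim().split(/\s+/);
    } else if (own(KNOWN[eco], cfg.service)) {
      const tool = KNOWN[eco][cfg.service];
      // Tools without a fix subcommand fall back to report-only.
      argv = cfg.check === 'fix' && tool.fix ? tool.fix : tool.audit;
    } else {
      throw new Error(`${eco}.service "${cfg.service}" needs an explicit command`);
    }
    steps.push({ eco, mode: cfg.check, argv });
  }
  return steps;
}

// Map a scanner's exit status to a build outcome: a non-zero status (findings,
// or a fix that did not complete) fails the build unless the mode is 'warn'.
function verdict(step, exitCode) {
  if (exitCode === 0) return 'pass';
  return step.mode === 'warn' ? 'warn' : 'fail';
}

const sample = { // constructed config, one value picked per field
  rust: { check: 'throw', service: 'cargo-audit', command: '' },
  node: { check: 'fix', service: 'npm', command: '' },
};
```

Each step's `argv` is meant to be handed to a process spawner as an argument array, and `verdict` decides whether the build continues.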

Member Author

@nothingismagick nothingismagick commented Nov 30, 2019

Here are some nice Rust resources:
https://github.com/rust-secure-code/projects

Collaborator

@tensor-programming tensor-programming commented Dec 28, 2019

Some of this stuff will be built into the prop testing that I am implementing. Others can be manually attached to it later. Conditional compilation will allow us to build a pipeline to be able to compose and attach these tools to a dev or even production build to see some of these elements. I may just take this issue as a result of the testing stuff that I am adding and how it relates tangentially to what we are discussing here. (At least from the Rust side.)
