The Wayback Machine - https://web.archive.org/web/20220509210317/https://github.com/tauri-apps/tauri/issues/64
Actually use security framework #64

Open
nothingismagick opened this issue Nov 24, 2019 · 3 comments
Labels
good first issue status: help wanted

Comments


@nothingismagick nothingismagick commented Nov 24, 2019

Describe the solution you'd like
It'd be nice to actually apply the security framework when building.

Describe alternatives you've considered
Ignoring security problems won't help.

@nothingismagick nothingismagick added status: help wanted good first issue labels Nov 24, 2019

@nothingismagick nothingismagick commented Nov 30, 2019

So, what I am thinking is a settings configuration in tauri.conf.js that looks something like this:

security: {
  rust: {
    check: [warn, throw, fix],
    service: [cargo-audit, antivuln, snyk],
    command: ''
  },
  node: {
    check: [warn, throw, fix],
    service: [npm, yarn, antivuln, snyk],
    command: ''
  }
}

As well as a CLI command tauri audit that hooks into the same logic.
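
One way the proposed `security` block could drive both the build step and a `tauri audit` command, as an added example that is not part of the original comment and not Tauri's own code. The function names (`planAudit`, `gate`, `runAudit`) are hypothetical, and it assumes `check` and `service` each hold a single value from the lists above and that the audit CLI exits non-zero when it reports findings.

```javascript
// Audit CLIs for the services named in the proposal. `antivuln` is not mapped
// here, so selecting it requires the `command` override.
const AUDIT = {
  rust: { 'cargo-audit': ['cargo', 'audit'], snyk: ['snyk', 'test'] },
  node: { npm: ['npm', 'audit'], yarn: ['yarn', 'audit'], snyk: ['snyk', 'test'] }
};
const FIX = { node: { npm: ['npm', 'audit', 'fix'] } };

// Assumption: `check` and `service` each hold one value from the proposal's lists.
function planAudit(security) {
  return Object.entries(security).map(([ecosystem, opts]) => {
    const { check = 'warn', service, command = '' } = opts;
    if (!['warn', 'throw', 'fix'].includes(check)) {
      throw new Error(`${ecosystem}: unknown check "${check}"`);
    }
    // An override is split into argv and never handed to a shell.
    const table = check === 'fix' ? FIX : AUDIT;
    const argv = command.trim()
      ? command.trim().split(/\s+/)
      : (table[ecosystem] || {})[service];
    if (!argv) throw new Error(`${ecosystem}: no "${check}" command for service "${service}"`);
    return { ecosystem, check, argv };
  });
}

// Assumption: only `warn` lets a build continue after a non-zero audit exit.
function gate(step, exitCode) {
  const ok = exitCode === 0 || step.check === 'warn';
  return { ecosystem: step.ecosystem, exitCode, ok };
}

// Default runner executes the CLI; a spawn failure (status null) counts as 127.
function defaultRun(argv) {
  const { spawnSync } = require('child_process'); // loaded only when a tool is run
  const { status } = spawnSync(argv[0], argv.slice(1), { stdio: 'inherit' });
  return status === null ? 127 : status;
}

function runAudit(security, run = defaultRun) {
  const results = planAudit(security).map((step) => gate(step, run(step.argv)));
  return { ok: results.every((r) => r.ok), results };
}

// Constructed sample config in the shape proposed above.
const sampleSecurity = {
  rust: { check: 'throw', service: 'cargo-audit', command: '' },
  node: { check: 'warn', service: 'npm', command: '' }
};
```

A build script would call `runAudit(config.security)` and abort when `ok` is false; passing a stub as the second argument exercises the gating without the audit tools installed.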


@nothingismagick nothingismagick commented Nov 30, 2019

Here are some nice Rust resources:
https://github.com/rust-secure-code/projects


@tensor-programming tensor-programming commented Dec 28, 2019

Some of this stuff will be built into the prop testing that I am implementing. Others can be manually attached to it later. Conditional compilation will allow us to build a pipeline to be able to compose and attach these tools to a dev or even production build to see some of these elements. I may just take this issue as a result of the testing stuff that I am adding and how it relates tangentially to what we are discussing here. (At least from the Rust side.)

2 participants