Security Review Recommendation
Source: Krillnotes Security Review v1.0.1 (April 2026)
Description
The security review identified 19 cargo audit warnings (all transitive via Tauri). While none are critical, running cargo audit in CI ensures new vulnerabilities are caught promptly.
Current State
- 19 warnings: 17 unmaintained GTK3 bindings (Linux-only), 1 glib soundness (Linux-only), 1 rand soundness (indirect via Tauri)
- 0 critical vulnerabilities
Recommendation
- Add cargo audit as a CI step (advisory/non-blocking initially)
- Establish response SLAs for vulnerability findings (e.g., critical = 48h, high = 1 week)
- Consider cargo deny for more granular dependency policy
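As an added example (not from the Krillnotes repository or the security review), the following GitHub Actions workflow implements the first and third recommendations: cargo audit runs on every push, pull request and on a weekly schedule, and is kept advisory with continue-on-error so the job still passes while findings are surfaced in the log. The file path, workflow and job names, and the branch name are assumptions; the actions and cargo subcommands used are real.

```yaml
# .github/workflows/dependency-audit.yml (assumed path; added example, not project code)
name: Dependency audit

on:
  push:
    branches: [main]
  pull_request:
  schedule:
    # Weekly run so advisories published against an unchanged Cargo.lock
    # are still noticed without waiting for the next commit.
    - cron: "0 6 * * 1"

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable

      - name: Install cargo-audit and cargo-deny
        run: |
          cargo install cargo-audit --locked
          cargo install cargo-deny --locked

      - name: cargo audit (advisory, non-blocking)
        # continue-on-error keeps the job green while the output is reviewed.
        # Once response SLAs exist, drop this line and switch to
        # `cargo audit -D warnings` so unmaintained/unsound advisories fail the job.
        continue-on-error: true
        run: cargo audit

      - name: cargo deny (advisory, non-blocking)
        # Policy (allowed licenses, banned crates, advisory ignore list) lives in
        # deny.toml at the repository root; only the advisories check is enabled here.
        continue-on-error: true
        run: cargo deny check advisories
```

Two points worth knowing before reading the first results: cargo audit evaluates Cargo.lock, not the target being built, so the Linux-only GTK3 and glib warnings will be reported on every runner, not just Linux ones; and unmaintained and unsound findings are classed as warnings by default, so without `-D warnings` (or the equivalent `--deny warnings`) the current 19 items would not fail the job even after the step is made blocking.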
Acceptance Criteria
- cargo audit runs in CI (can be advisory/non-blocking initially)