
ci: add supply-chain and license audit coverage before releases #12

@ubugeeei

Problem

The release path has no dependency/license audit step. This matters because the project publishes Rust and npm artifacts.

Acceptance criteria

  • Add an auditable policy for Rust and npm dependencies.
  • Run the audit in CI or release checks.
  • Document how maintainers handle allowlisted advisories or license exceptions.
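An added example of what the requested release check could look like, not code from this issue or the project: a GitHub Actions workflow that runs cargo-deny against a `deny.toml` policy (where allowlisted advisories and license exceptions are recorded with a reason) and `npm audit` for the npm artifacts. The action versions, Node version, and the assumption that `deny.toml` and `package-lock.json` sit at the repository root are assumptions.

```yaml
name: supply-chain-audit

on:
  pull_request:
  push:
    tags: ["v*"]          # assumption: releases are tagged vX.Y.Z
  schedule:
    - cron: "0 6 * * 1"   # weekly, so new advisories surface between releases

permissions:
  contents: read

jobs:
  rust-audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # cargo-deny checks advisories, licenses, bans and sources against deny.toml.
      # Allowlisted RUSTSEC ids go in [advisories].ignore and per-crate license
      # exceptions in [licenses].exceptions, each with a reason, so every exception
      # is reviewed in the same PR that introduces it.
      - uses: EmbarkStudios/cargo-deny-action@v2
        with:
          command: check advisories licenses bans sources

  npm-audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      # --ignore-scripts keeps install-time lifecycle scripts from running in CI.
      - run: npm ci --ignore-scripts
      # Fail on high/critical advisories; lower severities are reported but do not block.
      - run: npm audit --audit-level=high
      # Verify registry signatures and provenance attestations of installed packages.
      - run: npm audit signatures
```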

Metadata
Assignees

No one assigned

Labels

  • priority:medium: Medium priority for production readiness
  • production-readiness: Production readiness hardening before public release
  • type:ci: Continuous integration and automation
  • type:security: Security policy or supply-chain hardening
