Skip to content

feat: add capsec audit to pre-commit hooks and CI#100

Merged
bordumb merged 4 commits intomainfrom
dev-sansIOConfig
Mar 21, 2026
Merged

feat: add capsec audit to pre-commit hooks and CI#100
bordumb merged 4 commits intomainfrom
dev-sansIOConfig

Conversation

@bordumb
Copy link
Contributor

@bordumb bordumb commented Mar 21, 2026

Integrate cargo-capsec static I/O audit into the development workflow:

  • .capsec.toml config with allow rule for auths-verifier WASM extern block
  • Baseline saved for auths-core and auths-id (64 known findings)
  • Pre-commit hook with graceful skip and two-tier enforcement
  • Standalone CI job with pinned cargo-capsec v0.1.2

@bordumb
feat: add capsec audit to pre-commit hooks and CI
639afdd 
   Integrate cargo-capsec static I/O audit into the development workflow:
   - .capsec.toml config with allow rule for auths-verifier WASM extern block
   - Baseline saved for auths-core and auths-id (64 known findings)
   - Pre-commit hook with graceful skip and two-tier enforcement
   - Standalone CI job with pinned cargo-capsec v0.1.2
@bordumb bordumb self-assigned this Mar 21, 2026
@vercel
Copy link

vercel bot commented Mar 21, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
auths Ready Ready Preview, Comment Mar 21, 2026 6:54am

@github-actions
Copy link

github-actions bot commented Mar 21, 2026

Auths Commit Verification

Commit Status Details
639afdd2 ✅ Verified Signed by z6MktnihicwetvA16FtHFynaJTn9eDZw51eizUEA1yGJCR4o@auths.local

Result: ✅ 1/1 commits verified

@github-actions
Copy link

github-actions bot commented Mar 21, 2026

Auths Commit Verification

Commit Status Details
64f5f089 ✅ Verified Signed by z6MktnihicwetvA16FtHFynaJTn9eDZw51eizUEA1yGJCR4o@auths.local
639afdd2 ✅ Verified Signed by z6MktnihicwetvA16FtHFynaJTn9eDZw51eizUEA1yGJCR4o@auths.local

Result: ✅ 2/2 commits verified

@github-advanced-security
Copy link

github-advanced-security bot commented Mar 21, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@github-actions
Copy link

github-actions bot commented Mar 21, 2026

Auths Commit Verification

Commit Status Details
e588f40c ✅ Verified Signed by z6MktnihicwetvA16FtHFynaJTn9eDZw51eizUEA1yGJCR4o@auths.local
64f5f089 ✅ Verified Signed by z6MktnihicwetvA16FtHFynaJTn9eDZw51eizUEA1yGJCR4o@auths.local
639afdd2 ✅ Verified Signed by z6MktnihicwetvA16FtHFynaJTn9eDZw51eizUEA1yGJCR4o@auths.local

Result: ✅ 3/3 commits verified

@github-actions
Copy link

github-actions bot commented Mar 21, 2026

Auths Commit Verification

Commit Status Details
3de5a1b8 ✅ Verified Signed by z6MktnihicwetvA16FtHFynaJTn9eDZw51eizUEA1yGJCR4o@auths.local
e588f40c ✅ Verified Signed by z6MktnihicwetvA16FtHFynaJTn9eDZw51eizUEA1yGJCR4o@auths.local
64f5f089 ✅ Verified Signed by z6MktnihicwetvA16FtHFynaJTn9eDZw51eizUEA1yGJCR4o@auths.local
639afdd2 ✅ Verified Signed by z6MktnihicwetvA16FtHFynaJTn9eDZw51eizUEA1yGJCR4o@auths.local

Result: ✅ 4/4 commits verified

@bordumb bordumb merged commit 5f2761f into main Mar 21, 2026
15 checks passed
@bordumb bordumb deleted the dev-sansIOConfig branch March 21, 2026 06:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@bordumb bordumb

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bordumb