Add CI/CD Pipeline Automated Security Scanning
Priority: High
Estimated Time: 2 hours
Description
The CI/CD pipeline does not scan code for security vulnerabilities. Unsafe dependencies or code patterns could reach production.
Tasks
- Integrate cargo-audit to check for known vulnerable dependencies
- Integrate cargo-deny for license compliance checks
- Integrate a SAST tool like semgrep for code pattern violations
- Fail CI if vulnerabilities found (with override capability for acknowledged risks)
- Generate security report on every merge to main
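One way to wire all five tasks into a single pipeline, as an added example that is not part of this issue or the project's own CI: a GitHub Actions workflow that runs cargo-audit, cargo-deny (licenses) and semgrep, fails the job on unacknowledged findings, and keeps the reports as artifacts. It assumes GitHub Actions, a Cargo workspace at the repository root, the third-party actions named below at the pinned major versions, and that acknowledged risks are recorded in tracked config files rather than in the workflow; the `RUSTSEC-0000-0000` id mentioned in a comment is a placeholder, not a real advisory.

```yaml
# .github/workflows/security-scan.yml  (added example; assumes GitHub Actions and a
# Cargo workspace at the repo root)
name: security-scan

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read
  security-events: write   # lets the semgrep job upload SARIF to code scanning

jobs:
  dependencies:
    name: cargo-audit and cargo-deny
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - name: Install scanners
        run: cargo install --locked cargo-audit cargo-deny

      # Known-vulnerable dependencies. cargo-audit exits non-zero on any advisory
      # that is not listed under [advisories] ignore in .cargo/audit.toml, so an
      # acknowledged risk is overridden by a reviewable commit to that file
      # (e.g. ignore = ["RUSTSEC-0000-0000"], placeholder id), never by editing CI.
      - name: cargo audit
        shell: bash   # explicit bash => pipefail, so tee cannot mask a failure
        run: |
          mkdir -p reports
          cargo audit --json | tee reports/cargo-audit.json

      # License compliance. cargo-deny fails unless every crate's license is in
      # [licenses] allow of deny.toml; adding a license there is the override.
      - name: cargo deny (licenses)
        shell: bash
        run: cargo deny check licenses 2>&1 | tee reports/cargo-deny.txt

      # Keep the reports for every push to main, even when a step failed.
      - name: Upload dependency reports
        if: always() && github.event_name == 'push'
        uses: actions/upload-artifact@v4
        with:
          name: dependency-security-report
          path: reports/

  sast:
    name: semgrep
    runs-on: ubuntu-latest
    container: semgrep/semgrep
    steps:
      - uses: actions/checkout@v4
      # --error turns findings into a non-zero exit. An acknowledged finding is
      # suppressed in source with a `// nosemgrep: <rule-id>` comment, which
      # shows up in code review like any other change.
      - name: semgrep scan
        run: semgrep scan --config p/rust --config p/secrets --error --sarif --output semgrep.sarif
      - name: Upload SARIF
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: semgrep.sarif
```

The override capability is deliberately file-based: `.cargo/audit.toml` (`[advisories] ignore`), `deny.toml` (`[licenses] allow`) and `nosemgrep` comments all live in the repository, so every accepted risk is visible in `git blame` and can be expired by a later PR, whereas an override switch in the workflow would silence findings without a trace.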
Auto-created from UNSOLVED_ISSUES_40.md