Summary
Security and dependency documentation contains inaccuracies about automation and feature flags.
Findings
| Issue ID |
Description |
| SEC-001 |
SECURITY.md claims automated security checks but GitHub workflow is manual-only |
| DEPS-001 |
DEPS.md - Incorrect reqwest features (docs: rustls-tls, actual: rustls-tls-webpki-roots) |
| DEPS-002 |
DEPS.md - Incorrect pprof features (docs: flamegraph, actual: none specified) |
Files to Update
SECURITY.md - Clarify that security audits are manualDEPS.md - Update feature flags to match Cargo.toml
Source of Truth
Cargo.toml (workspace root).github/workflows/ for CI configuration
Priority
Critical - Security claims should be accurate.
Summary
Security and dependency documentation contains inaccuracies about automation and feature flags.
Findings
SECURITY.mdclaims automated security checks but GitHub workflow is manual-onlyDEPS.md- Incorrect reqwest features (docs:rustls-tls, actual:rustls-tls-webpki-roots)DEPS.md- Incorrect pprof features (docs:flamegraph, actual: none specified)Files to Update
SECURITY.md- Clarify that security audits are manualDEPS.md- Update feature flags to matchCargo.tomlSource of Truth
Cargo.toml(workspace root).github/workflows/for CI configurationPriority
Critical - Security claims should be accurate.