diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
index 00735a2b745d..79b0779cdade 100644
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@@ -61,6 +61,16 @@ who = "Mike Hommey <mh+mozilla@glandium.org>"
 criteria = "safe-to-deploy"
 delta = "0.2.0 -> 0.2.2"
 
+[[audits.cstr]]
+who = "Emilio Cobos Álvarez <emilio@crisal.io>"
+criteria = "safe-to-deploy"
+version = "0.2.10"
+notes = """
+I've reviewed the code of the crate thoroughly. It generates an unsafe block
+which is statically guaranteed to be safe. Inputs to the macro have to be
+static so there's no uncontrolled input whatsoever.
+"""
+
 [[audits.derive_arbitrary]]
 who = "Mike Hommey <mh+mozilla@glandium.org>"
 criteria = "safe-to-run"
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
index 2f736fe3989b..84b51d2271b8 100644
--- a/supply-chain/config.toml
+++ b/supply-chain/config.toml
@@ -489,10 +489,6 @@ criteria = "safe-to-deploy"
 version = "0.6.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.cstr]]
-version = "0.2.10"
-criteria = "safe-to-deploy"
-
 [[exemptions.cty]]
 version = "0.2.2"
 criteria = "safe-to-deploy"