Security Advisories Checker on Travis/Circle CI
Ryo Shibayama
January 13, 2016
Transcript
Security Advisories Checker on (Travis|Circle) CI
PHP BLT#2
@serima

@serima
• PHP Developer @ Zappallas
• mag2 -> GREE -> Zappallas
• http://serima.co/blog
• Recent topics
  • WordPress on PHP 7, HTTP/2
  • Setup Sakura-VPS with Ansible
• Recent interests
  • Measuring CO2 concentration (haven't done it yet!)

SensioLabs Security Advisories Checker
• A library vulnerability checker from SensioLabs

SensioLabs
• A French company that develops Symfony, Twig, Silex and others
• Recently released the profiler tool blackfire.io

Detection is based on composer.lock
• Online Checker
  • Upload composer.lock on the web
• CLI Checker
  • Download the CLI tool and run it from the command line
• Web API
  • An endpoint is provided by SensioLabs

Continuous vulnerability checking
• Several interfaces are provided, so it is easy to integrate the checker into CI and run vulnerability checks continuously

How to integrate
• composer require sensiolabs/security-checker
• composer update
• git add composer.json composer.lock
• git commit -m 'Integrate security-checker'

TravisCI - .travis.yml

    language: php
    php:
      - 5.6
    before_script:
      - composer self-update
      - composer install
      - chmod -R 777 storage
    script:
      # a non-zero exit from the checker fails the build
      - vendor/bin/security-checker security:check
      - phpunit

CircleCI - circle.yml

    machine:
      timezone: Asia/Tokyo
      php:
        version: 5.6.14
    test:
      override:
        # a non-zero exit from the checker fails the build
        - vendor/bin/security-checker security:check
        - vendor/bin/phpunit
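
Test
• Versions of swiftmailer/swiftmailer below 5.2.1 have a vulnerability
• As a test, pin it so that 5.0.0 gets installed

Test
• It failed as expected
• The details of the vulnerability are displayed as well

Test
• Configured it to install the latest version and tried again
• It went green as expected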

Vulnerability database
• The entries registered in this repository are used as the vulnerability database
• https://github.com/FriendsOfPHP/security-advisories
• This database must not serve as the primary source of information for security issues, it is not authoritative for any referenced software, but it allows to centralize information for convenience and easy consumption.
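
The check the deck walks through (match the versions locked in composer.lock against advisory version ranges, then fail the CI step on a hit), as an added Python example that is not the author's or SensioLabs' code. The advisory table and both lock fragments are constructed, the advisory title is a placeholder, and 5.4.1 is an assumed stand-in for "the latest version"; only the `<5.2.1` bound comes from the slides.

```python
import json
import operator
import re

# Constructed advisory table, shaped like the per-branch "versions" lists in
# FriendsOfPHP/security-advisories. Only the "<5.2.1" bound comes from the deck.
ADVISORIES = {
    "swiftmailer/swiftmailer": [{"title": "PLACEHOLDER advisory title", "versions": ["<5.2.1"]}],
}
OPS = {"<=": operator.le, ">=": operator.ge, "<": operator.lt, ">": operator.gt, "==": operator.eq}

def parse_version(text):
    """'v5.0.0' -> (5, 0, 0, 0); None for refs such as 'dev-master'."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad so 5.2 equals 5.2.0

def matches(version, constraints):
    """True when the version satisfies every constraint in the list (AND)."""
    for constraint in constraints:
        op, bound = re.fullmatch(r"(<=|>=|<|>|==)\s*(\S+)", constraint.strip()).groups()
        if not OPS[op](version, parse_version(bound)):
            return False
    return True

def check_lock(lock_text, advisories=ADVISORIES):
    """Return [(package, locked version, reason)] for every advisory hit."""
    lock = json.loads(lock_text)
    findings = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        advs = advisories.get(pkg["name"], [])
        version = parse_version(pkg["version"])
        if advs and version is None:  # fail closed instead of skipping silently
            findings.append((pkg["name"], pkg["version"], "version not comparable"))
            continue
        findings += [(pkg["name"], pkg["version"], a["title"])
                     for a in advs if matches(version, a["versions"])]
    return findings

# Constructed composer.lock fragments mirroring the deck's two test runs.
LOCK_OLD = json.dumps({"packages": [{"name": "swiftmailer/swiftmailer", "version": "v5.0.0"}]})
LOCK_NEW = json.dumps({"packages": [{"name": "swiftmailer/swiftmailer", "version": "v5.4.1"}]})

if __name__ == "__main__":
    hits = check_lock(LOCK_OLD)
    print(hits)
    raise SystemExit(1 if hits else 0)  # non-zero exit is what fails the CI step
```

Packages that have advisories but are locked to a branch reference are reported rather than skipped, so an unparseable version cannot turn the build green.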
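
Summary
• Library vulnerability checking becomes possible at almost zero cost, so there is nothing to lose by adding it
• However, as mentioned earlier, be careful not to trust it completely
• Check other databases such as JVN separately as well
• https://github.com/serima/security-checker-on-lumen
• A sample is available there

The End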