Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Security Advisories Checker on Travis/Circle CI
Search
Ryo Shibayama
January 13, 2016
Technology
0
33
Security Advisories Checker on Travis/Circle CI
Ryo Shibayama
January 13, 2016
Tweet
Share
More Decks by Ryo Shibayama
See All by Ryo Shibayama
技術広報の集い #3 Lightning Talk - LayerX
serima
0
410
採用は全員で | Chuo TECH #1
serima
4
1.5k
高専 5 年時に 7 泊 8 日の合宿型ビジコンに参加したら人生が変わった
serima
0
430
カジュアル面談を通して “自社”のことを知る
serima
0
260
倒れても進捗 / Progress even if I fall
serima
1
830
CircleCI 導入への入門 / Introduction to CircleCI
serima
0
120
GameWithを支えるインフラ基盤 - スケールイン・アウト戦略編 / GameWith infrastructure - Scale in and out strategy
serima
0
85
エンジニア採用と PHP / Engineer Recruitment and PHP
serima
0
110
できることから始める OSS Contribution / Start OSS Contribution With What You Know
serima
1
240
Other Decks in Technology
See All in Technology
Tebiki Engineering Team Deck
tebiki
0
24k
FinTech SREのAWSサービス活用/Leveraging AWS Services in FinTech SRE
maaaato
0
120
SREじゃなかった僕らがenablingを通じて「SRE実践者」になるまでのリアル / SRE Kaigi 2026
aeonpeople
6
2.1k
会社紹介資料 / Sansan Company Profile
sansan33
PRO
15
400k
toCプロダクトにおけるAI機能開発のしくじりと学び / ai-product-failures-and-learnings
rince
6
5.5k
Bill One 開発エンジニア 紹介資料
sansan33
PRO
4
17k
変化するコーディングエージェントとの現実的な付き合い方 〜Cursor安定択説と、ツールに依存しない「資産」〜
empitsu
4
1.3k
AIと新時代を切り拓く。これからのSREとメルカリIBISの挑戦
0gm
0
690
顧客の言葉を、そのまま信じない勇気
yamatai1212
1
330
ファインディの横断SREがTakumi byGMOと取り組む、セキュリティと開発スピードの両立
rvirus0817
1
1.1k
入社1ヶ月でデータパイプライン講座を作った話
waiwai2111
1
230
CDKで始めるTypeScript開発のススメ
tsukuboshi
1
310
Featured
See All Featured
Agile Actions for Facilitating Distributed Teams - ADO2019
mkilby
0
110
Groundhog Day: Seeking Process in Gaming for Health
codingconduct
0
90
It's Worth the Effort
3n
188
29k
Facilitating Awesome Meetings
lara
57
6.7k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
196
71k
Ruling the World: When Life Gets Gamed
codingconduct
0
140
Everyday Curiosity
cassininazir
0
130
How STYLIGHT went responsive
nonsquared
100
6k
Learning to Love Humans: Emotional Interface Design
aarron
275
41k
DevOps and Value Stream Thinking: Enabling flow, efficiency and business value
helenjbeal
1
89
How Software Deployment tools have changed in the past 20 years
geshan
0
32k
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
minecr
0
140
Transcript
Security Advisories Checker on (Travis|Circle) CI PHP BLT#2 @serima
@serima • PHP Developer @ Zappallas • mag2 -> GREE
-> Zappallas • http://serima.co/blog • Recent topics • WordPress on PHP 7, HTTP/2 • Setup Sakura-VPS with Ansible • ࠷ۙͷڵຯ • ೋࢎԽૉೱͷܭଌʢ·ͩͬͯͳ͍ʂʣ
SensioLabs Security Advisories Checker • SensioLabs ࣾͷϥΠϒϥϦ੬ऑੑνΣοΧʔ
SensioLabs • Symfony / Twig / Silex ͳͲΛ։ൃ͍ͯ͠Δϑϥϯεͷ ձࣾ •
࠷ۙͩͱɺϓϩϑΝΠϥπʔϧ blackfire.io ΛϦϦʔε ͨ͠
composer.lock Ͱఆ • Online Checker • Σϒ্Ͱ composer.lock ΛΞοϓϩʔυ •
CLI Checker • CLI Tool Λμϯϩʔυͯ͠ίϚϯυϥΠϯ࣮ߦ • Web API • SensioLabs ্ʹΤϯυϙΠϯτ͕༻ҙ͞Ε͍ͯΔ
ܧଓత੬ऑੑνΣοΫ • ֤छΠϯλϑΣʔε͕ఏڙ͞Ε͍ͯΔͷͰɺCI ʹΈ ࠐΈɺܧଓత੬ऑੑνΣοΫ͕؆୯ʹՄೳ
How to integrate • composer require sensiolabs/security-checker • composer update
• git add composer.json composer.lock • git commit -m ‘Integrate security-checker’
TravisCI - .travis.yml language: php php: - 5.6 before_script: -
composer self-update - composer install - chmod -R 777 storage script: - vendor/bin/security-checker security:check - phpunit
CircleCI - circle.yml machine: timezone: Asia/Tokyo php: version: 5.6.14 test:
override: - vendor/bin/security-checker security:check - vendor/bin/phpunit
Test • swiftmailer/swiftmailer 5.2.1 ະຬͷόʔδϣϯʹ੬ ऑੑ͕͋Δ • ͨΊ͠ʹ 5.0.0
Λ Πϯετʔϧ͢ΔΑ͏ ࢦఆͯ͠ΈΔ
Test • ͪΌΜͱ fail ͠·ͨ͠ • ੬ऑੑͷ༰දࣔ͞Ε͍ͯ·͢
Test • ࠷৽൛ΛೖΕΔΑ͏ʹઃఆͯ͠࠶νϟϨϯδ • ͪΌΜͱ green ʹͳΓ·ͨ͠
੬ऑੑσʔλϕʔε • ͜ͷϦϙδτϦʹొ͞Ε͍ͯΔͷ͕੬ऑੑσʔλϕʔ εͱͯ͠ΘΕ͍ͯΔ • https://github.com/FriendsOfPHP/security- advisories • This database
must not serve as the primary source of information for security issues, it is not authoritative for any referenced software, but it allows to centralize information for convenience and easy consumption.
·ͱΊ • ΄΅ίετθϩͰϥΠϒϥϦͷ੬ऑੑνΣοΫ͕Մೳ ʹͳΔͷͰɺೖΕ͓͍ͯͯଛͳ͍Ͱ͢ • ͕ɺઌఔݴͬͨͱ͓Γશʹ৴པͯ͠͠·Θͳ͍Α ͏ʹҙ • JVN ͳͲଞͷσʔλϕʔεผ్νΣοΫ͠·͠ΐ͏
• https://github.com/serima/security-checker-on-lumen • αϯϓϧΛஔ͍͓͖ͯ·ͨ͠
͓ΘΓ
serima
tebiki
maaaato
aeonpeople
sansan33
rince
empitsu
0gm
yamatai1212
rvirus0817
waiwai2111
tsukuboshi
mkilby
codingconduct
3n
lara
soudai
cassininazir
nonsquared
aarron
.png){kind=avatar}
helenjbeal
geshan
minecr
