Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Security Advisories Checker on Travis/Circle CI
Search
Ryo Shibayama
January 13, 2016
Technology
0
33
Security Advisories Checker on Travis/Circle CI
Ryo Shibayama
January 13, 2016
Tweet
Share
More Decks by Ryo Shibayama
See All by Ryo Shibayama
技術広報の集い #3 Lightning Talk - LayerX
serima
0
410
採用は全員で | Chuo TECH #1
serima
4
1.5k
高専 5 年時に 7 泊 8 日の合宿型ビジコンに参加したら人生が変わった
serima
0
430
カジュアル面談を通して “自社”のことを知る
serima
0
260
倒れても進捗 / Progress even if I fall
serima
1
830
CircleCI 導入への入門 / Introduction to CircleCI
serima
0
120
GameWithを支えるインフラ基盤 - スケールイン・アウト戦略編 / GameWith infrastructure - Scale in and out strategy
serima
0
85
エンジニア採用と PHP / Engineer Recruitment and PHP
serima
0
110
できることから始める OSS Contribution / Start OSS Contribution With What You Know
serima
1
240
Other Decks in Technology
See All in Technology
Agile Leadership Summit Keynote 2026
m_seki
1
360
オープンウェイトのLLMリランカーを契約書で評価する / searchtechjp
sansan_randd
3
650
クレジットカード決済基盤を支えるSRE - 厳格な監査とSRE運用の両立 (SRE Kaigi 2026)
capytan
6
2.5k
Introduction to Sansan for Engineers / エンジニア向け会社紹介
sansan33
PRO
6
67k
SREじゃなかった僕らがenablingを通じて「SRE実践者」になるまでのリアル / SRE Kaigi 2026
aeonpeople
6
2.1k
モダンUIでフルサーバーレスなAIエージェントをAmplifyとCDKでサクッとデプロイしよう
minorun365
2
130
10Xにおける品質保証活動の全体像と改善 #no_more_wait_for_test
nihonbuson
PRO
1
190
Azure Durable Functions で作った NL2SQL Agent の精度向上に取り組んだ話/jat08
thara0402
0
140
Webhook best practices for rock solid and resilient deployments
glaforge
1
260
All About Sansan – for New Global Engineers
sansan33
PRO
1
1.3k
ファインディの横断SREがTakumi byGMOと取り組む、セキュリティと開発スピードの両立
rvirus0817
1
1.1k
セキュリティ はじめの一歩
nikinusu
0
1.5k
Featured
See All Featured
A Modern Web Designer's Workflow
chriscoyier
698
190k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
9.9k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
The untapped power of vector embeddings
frankvandijk
1
1.6k
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
marketingsoph
0
72
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
10
1.1k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
750
From Legacy to Launchpad: Building Startup-Ready Communities
dugsong
0
140
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
359
30k
Organizational Design Perspectives: An Ontology of Organizational Design Elements
kimpetersen
PRO
1
110
Money Talks: Using Revenue to Get Sh*t Done
nikkihalliwell
0
150
Designing Experiences People Love
moore
144
24k
Transcript
Security Advisories Checker on (Travis|Circle) CI PHP BLT#2 @serima
@serima • PHP Developer @ Zappallas • mag2 -> GREE
-> Zappallas • http://serima.co/blog • Recent topics • WordPress on PHP 7, HTTP/2 • Setup Sakura-VPS with Ansible • ࠷ۙͷڵຯ • ೋࢎԽૉೱͷܭଌʢ·ͩͬͯͳ͍ʂʣ
SensioLabs Security Advisories Checker • SensioLabs ࣾͷϥΠϒϥϦ੬ऑੑνΣοΧʔ
SensioLabs • Symfony / Twig / Silex ͳͲΛ։ൃ͍ͯ͠Δϑϥϯεͷ ձࣾ •
࠷ۙͩͱɺϓϩϑΝΠϥπʔϧ blackfire.io ΛϦϦʔε ͨ͠
composer.lock Ͱఆ • Online Checker • Σϒ্Ͱ composer.lock ΛΞοϓϩʔυ •
CLI Checker • CLI Tool Λμϯϩʔυͯ͠ίϚϯυϥΠϯ࣮ߦ • Web API • SensioLabs ্ʹΤϯυϙΠϯτ͕༻ҙ͞Ε͍ͯΔ
ܧଓత੬ऑੑνΣοΫ • ֤छΠϯλϑΣʔε͕ఏڙ͞Ε͍ͯΔͷͰɺCI ʹΈ ࠐΈɺܧଓత੬ऑੑνΣοΫ͕؆୯ʹՄೳ
How to integrate • composer require sensiolabs/security-checker • composer update
• git add composer.json composer.lock • git commit -m ‘Integrate security-checker’
TravisCI - .travis.yml language: php php: - 5.6 before_script: -
composer self-update - composer install - chmod -R 777 storage script: - vendor/bin/security-checker security:check - phpunit
CircleCI - circle.yml machine: timezone: Asia/Tokyo php: version: 5.6.14 test:
override: - vendor/bin/security-checker security:check - vendor/bin/phpunit
Test • swiftmailer/swiftmailer 5.2.1 ະຬͷόʔδϣϯʹ੬ ऑੑ͕͋Δ • ͨΊ͠ʹ 5.0.0
Λ Πϯετʔϧ͢ΔΑ͏ ࢦఆͯ͠ΈΔ
Test • ͪΌΜͱ fail ͠·ͨ͠ • ੬ऑੑͷ༰දࣔ͞Ε͍ͯ·͢
Test • ࠷৽൛ΛೖΕΔΑ͏ʹઃఆͯ͠࠶νϟϨϯδ • ͪΌΜͱ green ʹͳΓ·ͨ͠
੬ऑੑσʔλϕʔε • ͜ͷϦϙδτϦʹొ͞Ε͍ͯΔͷ͕੬ऑੑσʔλϕʔ εͱͯ͠ΘΕ͍ͯΔ • https://github.com/FriendsOfPHP/security- advisories • This database
must not serve as the primary source of information for security issues, it is not authoritative for any referenced software, but it allows to centralize information for convenience and easy consumption.
·ͱΊ • ΄΅ίετθϩͰϥΠϒϥϦͷ੬ऑੑνΣοΫ͕Մೳ ʹͳΔͷͰɺೖΕ͓͍ͯͯଛͳ͍Ͱ͢ • ͕ɺઌఔݴͬͨͱ͓Γશʹ৴པͯ͠͠·Θͳ͍Α ͏ʹҙ • JVN ͳͲଞͷσʔλϕʔεผ్νΣοΫ͠·͠ΐ͏
• https://github.com/serima/security-checker-on-lumen • αϯϓϧΛஔ͍͓͖ͯ·ͨ͠
͓ΘΓ
serima
m_seki
sansan_randd
capytan
sansan33
aeonpeople
minorun365
nihonbuson
thara0402
glaforge
rvirus0817
nikinusu
chriscoyier
eileencodes
tanoku
frankvandijk
marketingsoph
addyosmani
bluesmoon
dugsong
bermonpainter
kimpetersen
nikkihalliwell
moore
