Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security Advisories Checker on Travis/Circle CI

Ryo Shibayama
January 13, 2016
Technology
0
25

Security Advisories Checker on Travis/Circle CI

Ryo Shibayama

January 13, 2016
Tweet

More Decks by Ryo Shibayama

See All by Ryo Shibayama
技術広報の集い #3 Lightning Talk - LayerX
serima
0
320
採用は全員で | Chuo TECH #1
serima
4
1.3k
高専 5 年時に 7 泊 8 日の合宿型ビジコンに参加したら人生が変わった
serima
0
380
カジュアル面談を通して “自社”のことを知る
serima
0
230
倒れても進捗 / Progress even if I fall
serima
0
160
CircleCI 導入への入門 / Introduction to CircleCI
serima
0
76
GameWithを支えるインフラ基盤 - スケールイン・アウト戦略編 / GameWith infrastructure - Scale in and out strategy
serima
0
43
エンジニア採用と PHP / Engineer Recruitment and PHP
serima
0
67
できることから始める OSS Contribution / Start OSS Contribution With What You Know
serima
1
170

Other Decks in Technology

See All in Technology
Python(PYNQ)がテーマのAMD主催のFPGAコンテストに参加してきた
iotengineer22
0
480
DynamoDB でスロットリングが発生したとき/when_throttling_occurs_in_dynamodb_short
emiki
0
230
第1回 国土交通省 データコンペ参加者向け勉強会③ - Snowflake x estie編 -
estie
0
130
Engineer Career Talk
lycorp_recruit_jp
0
180
Evangelismo técnico: ¿qué, cómo y por qué?
trishagee
0
360
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
300k
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
Oracle Cloud Infrastructure データベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
28
13k
Lambda10周年!Lambdaは何をもたらしたか
smt7174
2
110
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
390
ISUCONに強くなるかもしれない日々の過ごしかた/Findy ISUCON 2024-11-14
fujiwara3
8
870
RubyのWebアプリケーションを50倍速くする方法 / How to Make a Ruby Web Application 50 Times Faster
hogelog
3
940

Featured

See All Featured
GraphQLとの向き合い方2022年版
quramy
43
13k
Practical Orchestrator
shlominoach
186
10k
Typedesign – Prime Four
hannesfritz
40
2.4k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
506
140k
Speed Design
sergeychernyshev
25
620
Done Done
chrislema
181
16k
Rails Girls Zürich Keynote
gr2m
94
13k
Site-Speed That Sticks
csswizardry
0
26
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k
Making Projects Easy
brettharned
115
5.9k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
KATA
mclloyd
29
14k

Transcript

  1. Security Advisories Checker on (Travis|Circle) CI PHP BLT#2 @serima

  2. @serima • PHP Developer @ Zappallas • mag2 -> GREE

    -> Zappallas • http://serima.co/blog • Recent topics • WordPress on PHP 7, HTTP/2 • Setup Sakura-VPS with Ansible • ࠷ۙͷڵຯ • ೋࢎԽ୸ૉೱ౓ͷܭଌʢ·ͩ΍ͬͯͳ͍ʂʣ

  3. SensioLabs Security Advisories Checker • SensioLabs ࣾ੡ͷϥΠϒϥϦ੬ऑੑνΣοΧʔ

  4. SensioLabs • Symfony / Twig / Silex ͳͲΛ։ൃ͍ͯ͠Δϑϥϯεͷ ձࣾ •

    ࠷ۙͩͱɺϓϩϑΝΠϥπʔϧ blackfire.io ΛϦϦʔε ͨ͠

  5. composer.lock Ͱ൑ఆ • Online Checker • ΢Σϒ্Ͱ composer.lock ΛΞοϓϩʔυ •

    CLI Checker • CLI Tool Λμ΢ϯϩʔυͯ͠ίϚϯυϥΠϯ࣮ߦ • Web API • SensioLabs ্ʹΤϯυϙΠϯτ͕༻ҙ͞Ε͍ͯΔ

  6. ܧଓత੬ऑੑνΣοΫ • ֤छΠϯλϑΣʔε͕ఏڙ͞Ε͍ͯΔͷͰɺCI ʹ૊Έ ࠐΈɺܧଓత੬ऑੑνΣοΫ͕؆୯ʹՄೳ

  7. How to integrate • composer require sensiolabs/security-checker • composer update

    • git add composer.json composer.lock • git commit -m ‘Integrate security-checker’

  8. TravisCI - .travis.yml language: php php: - 5.6 before_script: -

    composer self-update - composer install - chmod -R 777 storage script: - vendor/bin/security-checker security:check - phpunit

  9. CircleCI - circle.yml machine: timezone: Asia/Tokyo php: version: 5.6.14 test:

    override: - vendor/bin/security-checker security:check - vendor/bin/phpunit

  10. Test • swiftmailer/swiftmailer ͸ 5.2.1 ະຬͷόʔδϣϯʹ੬ ऑੑ͕͋Δ • ͨΊ͠ʹ 5.0.0

    Λ
 Πϯετʔϧ͢ΔΑ͏
 ࢦఆͯ͠ΈΔ

  11. Test • ͪΌΜͱ fail ͠·ͨ͠ • ੬ऑੑͷ಺༰΋දࣔ͞Ε͍ͯ·͢

  12. Test • ࠷৽൛ΛೖΕΔΑ͏ʹઃఆͯ͠࠶౓νϟϨϯδ • ͪΌΜͱ green ʹͳΓ·ͨ͠

  13. ੬ऑੑσʔλϕʔε • ͜ͷϦϙδτϦʹొ࿥͞Ε͍ͯΔ΋ͷ͕੬ऑੑσʔλϕʔ εͱͯ͠࢖ΘΕ͍ͯΔ • https://github.com/FriendsOfPHP/security- advisories • This database

    must not serve as the primary source of information for security issues, it is not authoritative for any referenced software, but it allows to centralize information for convenience and easy consumption.

  14. ·ͱΊ • ΄΅ίετθϩͰϥΠϒϥϦͷ੬ऑੑνΣοΫ͕Մೳ ʹͳΔͷͰɺೖΕ͓͍ͯͯଛ͸ͳ͍Ͱ͢ • ͕ɺઌఔ΋ݴͬͨͱ͓Γ׬શʹ৴པͯ͠͠·Θͳ͍Α ͏ʹ஫ҙ • JVN ͳͲଞͷσʔλϕʔε͸ผ్νΣοΫ͠·͠ΐ͏

    • https://github.com/serima/security-checker-on-lumen • αϯϓϧΛஔ͍͓͖ͯ·ͨ͠

  15. ͓ΘΓ