Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Security Advisories Checker on Travis/Circle CI
Search
Ryo Shibayama
January 13, 2016
Technology
0
31
Security Advisories Checker on Travis/Circle CI
Ryo Shibayama
January 13, 2016
Tweet
Share
More Decks by Ryo Shibayama
See All by Ryo Shibayama
技術広報の集い #3 Lightning Talk - LayerX
serima
0
380
採用は全員で | Chuo TECH #1
serima
4
1.4k
高専 5 年時に 7 泊 8 日の合宿型ビジコンに参加したら人生が変わった
serima
0
420
カジュアル面談を通して “自社”のことを知る
serima
0
250
倒れても進捗 / Progress even if I fall
serima
1
780
CircleCI 導入への入門 / Introduction to CircleCI
serima
0
93
GameWithを支えるインフラ基盤 - スケールイン・アウト戦略編 / GameWith infrastructure - Scale in and out strategy
serima
0
55
エンジニア採用と PHP / Engineer Recruitment and PHP
serima
0
86
できることから始める OSS Contribution / Start OSS Contribution With What You Know
serima
1
210
Other Decks in Technology
See All in Technology
開発生産性を組織全体の「生産性」へ! 部門間連携の壁を越える実践的ステップ
sudo5in5k
2
6.7k
怖くない!はじめてのClaude Code
shinya337
0
390
united airlines ™®️ USA Contact Numbers: Complete 2025 Support Guide
flyunitedhelp
0
100
マーケットプレイス版Oracle WebCenter Content For OCI
oracle4engineer
PRO
3
960
整頓のジレンマとの戦い〜Tidy First?で振り返る事業とキャリアの歩み〜/Fighting the tidiness dilemma〜Business and Career Milestones Reflected on in Tidy First?〜
bitkey
2
15k
開発生産性を測る前にやるべきこと - 組織改善の実践 / Before Measuring Dev Productivity
kaonavi
8
3.2k
Flutter向けPDFビューア、pdfrxのpdfium WASM対応について
espresso3389
0
130
プライベートクラウドでの効率的な証明書配布戦略 / Efficient Certificate Distribution Strategy in Private Cloud
lycorptech_jp
PRO
0
110
Glacierだからってコストあきらめてない? / JAWS Meet Glacier Cost
taishin
1
160
第4回Snowflake 金融ユーザー会 Snowflake summit recap
tamaoki
1
270
MUITにおける開発プロセスモダナイズの取り組みと開発生産性可視化の取り組みについて / Modernize the Development Process and Visualize Development Productivity at MUIT
muit
1
15k
Tech-Verse 2025 Global CTO Session
lycorptech_jp
PRO
0
1.8k
Featured
See All Featured
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
Typedesign – Prime Four
hannesfritz
42
2.7k
The Pragmatic Product Professional
lauravandoore
35
6.7k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
[RailsConf 2023] Rails as a piece of cake
palkan
55
5.7k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
8
690
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
StorybookのUI Testing Handbookを読んだ
zakiyama
30
5.9k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.4k
Reflections from 52 weeks, 52 projects
jeffersonlam
351
20k
Building Flexible Design Systems
yeseniaperezcruz
328
39k
Transcript
Security Advisories Checker on (Travis|Circle) CI PHP BLT#2 @serima
@serima • PHP Developer @ Zappallas • mag2 -> GREE
-> Zappallas • http://serima.co/blog • Recent topics • WordPress on PHP 7, HTTP/2 • Setup Sakura-VPS with Ansible • ࠷ۙͷڵຯ • ೋࢎԽૉೱͷܭଌʢ·ͩͬͯͳ͍ʂʣ
SensioLabs Security Advisories Checker • SensioLabs ࣾͷϥΠϒϥϦ੬ऑੑνΣοΧʔ
SensioLabs • Symfony / Twig / Silex ͳͲΛ։ൃ͍ͯ͠Δϑϥϯεͷ ձࣾ •
࠷ۙͩͱɺϓϩϑΝΠϥπʔϧ blackfire.io ΛϦϦʔε ͨ͠
composer.lock Ͱఆ • Online Checker • Σϒ্Ͱ composer.lock ΛΞοϓϩʔυ •
CLI Checker • CLI Tool Λμϯϩʔυͯ͠ίϚϯυϥΠϯ࣮ߦ • Web API • SensioLabs ্ʹΤϯυϙΠϯτ͕༻ҙ͞Ε͍ͯΔ
ܧଓత੬ऑੑνΣοΫ • ֤छΠϯλϑΣʔε͕ఏڙ͞Ε͍ͯΔͷͰɺCI ʹΈ ࠐΈɺܧଓత੬ऑੑνΣοΫ͕؆୯ʹՄೳ
How to integrate • composer require sensiolabs/security-checker • composer update
• git add composer.json composer.lock • git commit -m ‘Integrate security-checker’
TravisCI - .travis.yml language: php php: - 5.6 before_script: -
composer self-update - composer install - chmod -R 777 storage script: - vendor/bin/security-checker security:check - phpunit
CircleCI - circle.yml machine: timezone: Asia/Tokyo php: version: 5.6.14 test:
override: - vendor/bin/security-checker security:check - vendor/bin/phpunit
Test • swiftmailer/swiftmailer 5.2.1 ະຬͷόʔδϣϯʹ੬ ऑੑ͕͋Δ • ͨΊ͠ʹ 5.0.0
Λ Πϯετʔϧ͢ΔΑ͏ ࢦఆͯ͠ΈΔ
Test • ͪΌΜͱ fail ͠·ͨ͠ • ੬ऑੑͷ༰දࣔ͞Ε͍ͯ·͢
Test • ࠷৽൛ΛೖΕΔΑ͏ʹઃఆͯ͠࠶νϟϨϯδ • ͪΌΜͱ green ʹͳΓ·ͨ͠
੬ऑੑσʔλϕʔε • ͜ͷϦϙδτϦʹొ͞Ε͍ͯΔͷ͕੬ऑੑσʔλϕʔ εͱͯ͠ΘΕ͍ͯΔ • https://github.com/FriendsOfPHP/security- advisories • This database
must not serve as the primary source of information for security issues, it is not authoritative for any referenced software, but it allows to centralize information for convenience and easy consumption.
·ͱΊ • ΄΅ίετθϩͰϥΠϒϥϦͷ੬ऑੑνΣοΫ͕Մೳ ʹͳΔͷͰɺೖΕ͓͍ͯͯଛͳ͍Ͱ͢ • ͕ɺઌఔݴͬͨͱ͓Γશʹ৴པͯ͠͠·Θͳ͍Α ͏ʹҙ • JVN ͳͲଞͷσʔλϕʔεผ్νΣοΫ͠·͠ΐ͏
• https://github.com/serima/security-checker-on-lumen • αϯϓϧΛஔ͍͓͖ͯ·ͨ͠
͓ΘΓ
serima
sudo5in5k
shinya337
flyunitedhelp
oracle4engineer
bitkey
kaonavi
espresso3389
lycorptech_jp
taishin
tamaoki
muit
scottboms
hannesfritz
lauravandoore
wjessup
palkan
tammyeverts
chriscoyier
destraynor
zakiyama
jcasabona
jeffersonlam
yeseniaperezcruz
