Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Security Advisories Checker on Travis/Circle CI
Search
Ryo Shibayama
January 13, 2016
Technology
0
32
Security Advisories Checker on Travis/Circle CI
Ryo Shibayama
January 13, 2016
Tweet
Share
More Decks by Ryo Shibayama
See All by Ryo Shibayama
技術広報の集い #3 Lightning Talk - LayerX
serima
0
380
採用は全員で | Chuo TECH #1
serima
4
1.4k
高専 5 年時に 7 泊 8 日の合宿型ビジコンに参加したら人生が変わった
serima
0
420
カジュアル面談を通して “自社”のことを知る
serima
0
250
倒れても進捗 / Progress even if I fall
serima
1
780
CircleCI 導入への入門 / Introduction to CircleCI
serima
0
95
GameWithを支えるインフラ基盤 - スケールイン・アウト戦略編 / GameWith infrastructure - Scale in and out strategy
serima
0
57
エンジニア採用と PHP / Engineer Recruitment and PHP
serima
0
88
できることから始める OSS Contribution / Start OSS Contribution With What You Know
serima
1
210
Other Decks in Technology
See All in Technology
AIに目を奪われすぎて、周りの困っている人間が見えなくなっていませんか?
cap120
1
430
AI によるドキュメント処理を加速するためのOCR 結果の永続化と再利用戦略
tomoaki25
0
410
Claude CodeでKiroの仕様駆動開発を実現させるには...
gotalab555
3
900
Lambda management with ecspresso and Terraform
ijin
2
140
o11yツールを乗り換えた話
tak0x00
1
300
dipにおけるSRE変革の軌跡
dip_tech
PRO
1
230
S3 Glacier のデータを Athena からクエリしようとしたらどうなるのか/try-to-query-s3-glacier-from-athena
emiki
0
180
AWS DDoS攻撃防御の最前線
ryutakondo
1
130
人に寄り添うAIエージェントとアーキテクチャ #BetAIDay
layerx
PRO
8
2k
Google Agentspaceを実際に導入した効果と今後の展望
mixi_engineers
PRO
3
330
Mambaで物体検出 完全に理解した
shirarei24
2
210
マルチモーダル基盤モデルに基づく動画と音の解析技術
lycorptech_jp
PRO
4
520
Featured
See All Featured
The World Runs on Bad Software
bkeepers
PRO
70
11k
Testing 201, or: Great Expectations
jmmastey
45
7.6k
Statistics for Hackers
jakevdp
799
220k
The Art of Programming - Codeland 2020
erikaheidi
54
13k
Automating Front-end Workflow
addyosmani
1370
200k
GraphQLの誤解/rethinking-graphql
sonatard
71
11k
Code Reviewing Like a Champion
maltzj
524
40k
Git: the NoSQL Database
bkeepers
PRO
431
65k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
GraphQLとの向き合い方2022年版
quramy
49
14k
A Tale of Four Properties
chriscoyier
160
23k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Transcript
Security Advisories Checker on (Travis|Circle) CI PHP BLT#2 @serima
@serima • PHP Developer @ Zappallas • mag2 -> GREE
-> Zappallas • http://serima.co/blog • Recent topics • WordPress on PHP 7, HTTP/2 • Setup Sakura-VPS with Ansible • ࠷ۙͷڵຯ • ೋࢎԽૉೱͷܭଌʢ·ͩͬͯͳ͍ʂʣ
SensioLabs Security Advisories Checker • SensioLabs ࣾͷϥΠϒϥϦ੬ऑੑνΣοΧʔ
SensioLabs • Symfony / Twig / Silex ͳͲΛ։ൃ͍ͯ͠Δϑϥϯεͷ ձࣾ •
࠷ۙͩͱɺϓϩϑΝΠϥπʔϧ blackfire.io ΛϦϦʔε ͨ͠
composer.lock Ͱఆ • Online Checker • Σϒ্Ͱ composer.lock ΛΞοϓϩʔυ •
CLI Checker • CLI Tool Λμϯϩʔυͯ͠ίϚϯυϥΠϯ࣮ߦ • Web API • SensioLabs ্ʹΤϯυϙΠϯτ͕༻ҙ͞Ε͍ͯΔ
ܧଓత੬ऑੑνΣοΫ • ֤छΠϯλϑΣʔε͕ఏڙ͞Ε͍ͯΔͷͰɺCI ʹΈ ࠐΈɺܧଓత੬ऑੑνΣοΫ͕؆୯ʹՄೳ
How to integrate • composer require sensiolabs/security-checker • composer update
• git add composer.json composer.lock • git commit -m ‘Integrate security-checker’
TravisCI - .travis.yml language: php php: - 5.6 before_script: -
composer self-update - composer install - chmod -R 777 storage script: - vendor/bin/security-checker security:check - phpunit
CircleCI - circle.yml machine: timezone: Asia/Tokyo php: version: 5.6.14 test:
override: - vendor/bin/security-checker security:check - vendor/bin/phpunit
Test • swiftmailer/swiftmailer 5.2.1 ະຬͷόʔδϣϯʹ੬ ऑੑ͕͋Δ • ͨΊ͠ʹ 5.0.0
Λ Πϯετʔϧ͢ΔΑ͏ ࢦఆͯ͠ΈΔ
Test • ͪΌΜͱ fail ͠·ͨ͠ • ੬ऑੑͷ༰දࣔ͞Ε͍ͯ·͢
Test • ࠷৽൛ΛೖΕΔΑ͏ʹઃఆͯ͠࠶νϟϨϯδ • ͪΌΜͱ green ʹͳΓ·ͨ͠
੬ऑੑσʔλϕʔε • ͜ͷϦϙδτϦʹొ͞Ε͍ͯΔͷ͕੬ऑੑσʔλϕʔ εͱͯ͠ΘΕ͍ͯΔ • https://github.com/FriendsOfPHP/security- advisories • This database
must not serve as the primary source of information for security issues, it is not authoritative for any referenced software, but it allows to centralize information for convenience and easy consumption.
·ͱΊ • ΄΅ίετθϩͰϥΠϒϥϦͷ੬ऑੑνΣοΫ͕Մೳ ʹͳΔͷͰɺೖΕ͓͍ͯͯଛͳ͍Ͱ͢ • ͕ɺઌఔݴͬͨͱ͓Γશʹ৴པͯ͠͠·Θͳ͍Α ͏ʹҙ • JVN ͳͲଞͷσʔλϕʔεผ్νΣοΫ͠·͠ΐ͏
• https://github.com/serima/security-checker-on-lumen • αϯϓϧΛஔ͍͓͖ͯ·ͨ͠
͓ΘΓ
serima
cap120
tomoaki25
gotalab555
ijin
tak0x00
dip_tech
emiki
ryutakondo
layerx
mixi_engineers
shirarei24
lycorptech_jp
bkeepers
jmmastey
jakevdp
erikaheidi
addyosmani
sonatard
maltzj
wjessup
quramy
chriscoyier
hatefulcrawdad
