Ruby on Rails Security in your Continuous Integration

Foundations of your development cycle

“Never send a human to do a machine’s job ” — Agent Smith

 How open-source public tools can help improve your software security in your Continuous Integration cycle.

This presentation focus on Ruby on Rails and uses open source Ruby gems as well as Jenkins, an open source CI tool.

Two security tools are described:

  • Arachni is a dynamic security analysis tool, which needs some special scripting to get integrated to Jenkins ;
  • Brakeman, a static analysis tool, targets Ruby on Rails applications source code. It can be easily integrated to Jenkins thanks to an existing plug-in.

Nb: Reporting and fixed often hard to process systematically through a CI workflow

Share
Tweet
Share
Share

Jean-Baptiste Aviat spent half a decade hunting vulnerabilities at Apple, helping developers solve them, and developing security software. He is now CTO at Sqreen.

Related Tags
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments