Foundations of your development cycle
“Never send a human to do a machine’s job” — Agent Smith
This presentation focuses on Ruby on Rails and uses open source Ruby gems as well as Jenkins, an open source CI tool.
Two security tools are described:
- Arachni is a dynamic security analysis tool, which needs some special scripting to be integrated into Jenkins;
- Brakeman, a static analysis tool, targets the source code of Ruby on Rails applications. It can be easily integrated into Jenkins thanks to an existing plug-in.
NB: Reporting and fixes are often hard to process systematically through a CI workflow.
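One way to make the reporting step systematic is a small build gate over Brakeman's JSON report (`brakeman -f json -o <file>`). The script below is an added example, not code from the presentation; the function names, the baseline file of accepted fingerprints and the sample report values are assumptions constructed for illustration.

```ruby
require 'json'
require 'set'

# Brakeman's confidence labels, ordered from strongest to weakest.
CONFIDENCE_RANK = { 'High' => 0, 'Medium' => 1, 'Weak' => 2 }.freeze

# Constructed sample shaped like Brakeman's JSON report (only the fields used here).
SAMPLE_REPORT = <<~JSON
  {
    "warnings": [
      {"warning_type": "SQL Injection", "fingerprint": "aaa111", "file": "app/models/user.rb", "line": 12, "confidence": "High"},
      {"warning_type": "Cross-Site Scripting", "fingerprint": "bbb222", "file": "app/views/posts/show.html.erb", "line": 4, "confidence": "Medium"},
      {"warning_type": "Mass Assignment", "fingerprint": "ccc333", "file": "app/controllers/posts_controller.rb", "line": 30, "confidence": "Weak"}
    ]
  }
JSON

# Returns warnings that are absent from the accepted baseline and meet the confidence threshold.
def new_warnings(report_json, baseline_fingerprints, min_confidence: 'Medium')
  threshold = CONFIDENCE_RANK.fetch(min_confidence)
  accepted = baseline_fingerprints.to_set
  JSON.parse(report_json).fetch('warnings', []).select do |w|
    rank = CONFIDENCE_RANK.fetch(w['confidence'], 0) # unknown label: treat as High (fail closed)
    rank <= threshold && !accepted.include?(w['fingerprint'])
  end
end

# One line per finding, suitable for the Jenkins console log.
def summarize(warnings)
  warnings.map { |w| format('%s [%s] %s:%s', w['warning_type'], w['confidence'], w['file'], w['line']) }
end

# Exit status for the build step: 0 passes, 1 marks the build as failed.
def gate_status(warnings)
  warnings.empty? ? 0 : 1
end

# Usage in a Jenkins shell step: ruby gate.rb brakeman.json [baseline.txt]
if __FILE__ == $PROGRAM_NAME && ARGV.any?
  baseline = ARGV[1] ? File.readlines(ARGV[1], chomp: true) : []
  found = new_warnings(File.read(ARGV[0]), baseline)
  puts summarize(found)
  exit gate_status(found)
end
```

The baseline file holds one accepted fingerprint per line, so the build fails only on findings nobody has triaged yet.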