So I've never done anything like this before in Travis, but I have done IDE plugins and pre-prod scans in the past at large companies, which worked well. I floated the idea past a friend working at Travis and she said if we go that route she would assist.
I just think that if this is integrated from the beginning and fails builds on critical issues (to start), this could be a big differentiator, especially because we're talking about a security platform that centralizes tons of sensitive information, tries to parse almost anything that's thrown at it (think of what's been happening to AV products recently), and is open source for bad guys to dig into much more easily.

Jon

On Fri, May 27, 2016, 09:34 Nick Allen <n...@nickallen.org> wrote:

> I am not aware of any discussions around this, Jon. What are you thinking?
>
> On Thu, May 26, 2016 at 4:35 PM, zeo...@gmail.com <zeo...@gmail.com>
> wrote:
>
> > I was just wondering if there is any sort of static (or even dynamic) code
> > analysis, or penetration testing/vulnerability assessment, occurring at any
> > point on the Metron code. Has there been any discussion of installing
> > something along those lines on the Travis build server (if it isn't there
> > already)? Thanks,
> >
> > Jon
> > --
> >
> > Jon
>
> --
> Nick Allen <n...@nickallen.org>

--
Jon