I completely agree that we will need some focus on this. What could Travis do for us? I wasn't aware that they offered security scanning.
Are you aware of any security scan services that offer free support to open source projects?

On Fri, May 27, 2016 at 9:42 AM, zeo...@gmail.com <zeo...@gmail.com> wrote:

> So I've never done anything like this before in Travis but I have done IDE plugins and pre-prod scans in the past at large companies which worked well. I floated the idea past a friend working at Travis and she said if we go that route she would assist.
>
> I just think that if this is integrated from the beginning and fails builds on critical issues (to start), this could be a big differentiator, especially because we're talking about a security platform that centralizes tons of sensitive information, tries to parse almost anything that's thrown at it (think of what's been happening to AV products recently), and is open source for bad guys to dig into much more easily.
>
> Jon
>
> On Fri, May 27, 2016, 09:34 Nick Allen <n...@nickallen.org> wrote:
>
> > I am not aware of any discussions around this, Jon. What are you thinking?
> >
> > On Thu, May 26, 2016 at 4:35 PM, zeo...@gmail.com <zeo...@gmail.com> wrote:
> >
> > > I was just wondering if there is any sort of static (or even dynamic) code analysis, or penetration testing/vulnerability assessment, occurring at any point on the metron code. Has there been any discussion of installing something along those lines on the Travis build server (if it isn't there already)? Thanks,
> > >
> > > Jon
> > > --
> > >
> > > Jon
> >
> > --
> > Nick Allen <n...@nickallen.org>
>
> --
> Jon

--
Nick Allen <n...@nickallen.org>