There's nothing built-in with Travis, but we could install a tool to do this as part of the installation of tools on the build box. I'm gonna reach out to people in my local circle who specialize in secure code analysis and see what all of the options are.
Jon

On Fri, May 27, 2016 at 9:50 AM Nick Allen <n...@nickallen.org> wrote:

> I completely agree that we will need some focus on this.
>
> What could Travis do for us? I wasn't aware that they offered security scanning.
>
> Are you aware of any security scan services that offer free support to open source projects?
>
> On Fri, May 27, 2016 at 9:42 AM, zeo...@gmail.com <zeo...@gmail.com> wrote:
>
> > So I've never done anything like this before in Travis but I have done IDE plugins and pre-prod scans in the past at large companies which worked well. I floated the idea past a friend working at Travis and she said if we go that route she would assist.
> >
> > I just think that if this is integrated from the beginning and fail builds on critical issues (to start), this could be a big differentiator, especially because we're talking about a security platform that centralizes tons of sensitive information, tries to parse almost anything that's thrown at it (think of what's been happening to AV products recently), and is open source for bad guys to dig into much more easily.
> >
> > Jon
> >
> > On Fri, May 27, 2016, 09:34 Nick Allen <n...@nickallen.org> wrote:
> >
> > > I am not aware of any discussions around this, Jon. What are you thinking?
> > >
> > > On Thu, May 26, 2016 at 4:35 PM, zeo...@gmail.com <zeo...@gmail.com> wrote:
> > >
> > > > I was just wondering if there is any sort of static (or even dynamic) code analysis, or penetration testing/vulnerability assessment, occurring at any point on the Metron code. Has there been any discussion of installing something along those lines on the Travis build server (if it isn't there already)? Thanks,
> > > >
> > > > Jon
> > > > --
> > > >
> > > > Jon
> > >
> > > --
> > > Nick Allen <n...@nickallen.org>
> >
> > --
> >
> > Jon
>
> --
> Nick Allen <n...@nickallen.org>

--
Jon