Ruby on Rails Security in your Continuous Integration

Foundations of your development cycle

“Never send a human to do a machine’s job” — Agent Smith

How open-source public tools can help improve your software security in your Continuous Integration cycle.

This presentation focuses on Ruby on Rails and uses open-source Ruby gems as well as Jenkins, an open-source CI tool.

Two security tools are described:

  • Arachni is a dynamic security analysis tool, which needs some special scripting to be integrated into Jenkins;
  • Brakeman, a static analysis tool, targets the source code of Ruby on Rails applications. It can be easily integrated into Jenkins thanks to an existing plug-in.

NB: Reporting and fixing findings are often hard to process systematically through a CI workflow.