
SitePoint PHP Blog:
Check Your Code's Quality with SensioLabs Insight
August 07, 2014 @ 12:25:20

On the SitePoint PHP blog today there's a new post by Peter Nijssen introducing you to the SensioLabs Insight service and how it can improve your code quality (including locating security concerns).

The quality of your code is as important as testing your application. Recently, we have seen multiple articles which hopefully helped you on your way to providing a more stable application. Today, we are going to have a closer look at SensioLabs Insight. If you used Symfony or Silex in the past, you are probably familiar with SensioLabs, since they are the main sponsor of the Symfony framework.

He quickly introduces the service, mentioning what it has to offer and how to get your account all set up (free for open source libraries but it requires the results to be public). He includes some screenshots showing what the setup and scan results of your project might look like. He shows how to get more detail on the findings and how they can easily be exported to your bug tracker for fixing. He also covers some of the configuration you can do (through a YAML file) to tell Insight things like: php.ini settings, directories to exclude and specific rules to run during the scans.


Link: http://www.sitepoint.com/check-codes-quality-sensiolabs-insight/

SensioLabs Insight Blog:
Jenkins integration
March 13, 2014 @ 09:06:25

The latest post to the SensioLabs Insight blog today shows you how you can integrate the service with Jenkins as a part of your pre-existing continuous integration workflow.

One of the main features of SensioLabsInsight service is that it integrates smoothly into your existing workflow and technical infrastructure. We know that most companies use Jenkins as their continuous integration server and for that reason, SensioLabsInsight provides out-of-the-box Jenkins integration.

The integration uses the Insight API to perform the checks and return a report of the results. They step you through the process to get the connection set up (using the API client) and send the request for processing. The result is returned in PMD format, something Jenkins can easily parse and integrate into the pass/fail of the job. You can also get the details of the issues including error message, file location and the priority of the issue.


Link: http://blog.insight.sensiolabs.com/2014/02/12/jenkins-integration.html

Fabien Potencier:
SensioLabs raises 5 million euros to boost the Symfony ecosystem
December 16, 2013 @ 09:39:43

On his site today Fabien Potencier shares some wonderful news for the Symfony community - Sensio has raised 5 million Euros to help boost the Symfony project and its ecosystem.

Fund raising in the PHP world does not happen that often, and that makes me sad. Of course, PHP has big players like Automattic, Acquia, or Zend, but the PHP world has so many great solutions, great products, and a large community of very talented developers. They deserve more exposure and I hope that our fund raising is one small step into that direction.

As for their plans for the funds, they mention a few options: improving the whole ecosystem around the framework, hiring developers dedicated to the work SensioLabs does for the framework, and things like SensioLabs Insight.


Link: http://fabien.potencier.org/article/71/sensiolabs-raises-5-million-euros-to-boost-the-symfony-ecosystem

Pádraic Brady:
Publishing Security Disclosures In Consumable Formats
May 16, 2013 @ 09:03:59

Pádraic Brady has a new post today proposing that what the PHP ecosystem needs is a way to better publish security disclosures in a format that's easy to parse and deal with.

This is a branch off from a separate discussion on the PHP-FIG mailing list about other ways the Framework Interoperability Group can encourage and foster wider interoperability among its member projects (and by extension, the whole PHP community). I'll start by noting two interesting developments in recent months and one long standing best practice.

The two "interesting developments" he mentions are the relatively recently released SensioLabs Security Checker, which uses your Composer file to find security issues, and the new entry in the latest version of the OWASP Top 10 list for "Using Components with Known Vulnerabilities". The best practice he talks about concerns the timely and responsible disclosure of vulnerabilities, and how some kind of decentralized tracking of these issues would put the responsibility back on the developers of the tool and not on one tracking resource.


Link: http://blog.astrumfutura.com/2013/05/publishing-security-disclosures-in-consumable-formats-for-simpler-aggregation-and-security-checking

Fabien Potencier:
Don't use PHP libraries with known security issues
February 20, 2013 @ 10:54:20

In his latest post Fabien Potencier introduces a new effort to help PHP developers using Composer for their dependencies find potential security issues automatically - the security.sensiolabs.com site.

I want to provide a simple and efficient way to check for vulnerabilities in a project and I want to serve more than just the Symfony community. That's why I'm really proud to announce a new SensioLabs initiative: a simple way to check if your project depends on third-party libraries with known security issues. The website explains how it works in detail (https://security.sensiolabs.org/), but basically, this initiative gives you several ways to check for security issues in your project dependencies based on the information contained in your composer.lock file (you are using Composer to manage your dependencies, right?)

Composer users can upload their "composer.lock" file and the system will evaluate it against the vulnerabilities it knows about and return any issues it finds. The current database is hosted on GitHub, and anyone can add to it with a pull request. Additionally, you can install the command-line version if you want to run the checks locally.
