M6 - Security Weakness Identification with Continuous Integration
Description
Continuous Integration (CI) is a software development practice that regularly and automatically integrates code changes from multiple contributors into a shared repository. The primary goal of CI is to ensure that new code additions or modifications do not introduce new issues or break existing functionality. This is achieved by frequently building, testing, and validating the codebase, allowing development teams to detect and address issues early in the development cycle. CI promotes collaboration, rapid feedback, and high-quality, stable software delivery.
Use an existing tool and Git Hooks to activate a static analysis tool for a popular repository.
Courses Where This Module Is Integrated
Software Quality Assurance (Auburn University, Spring 2023, Fall 2023)
Mobile Security (Tuskegee University, Fall 2022)
Activities
Pre-lab Content Dissemination
Pioneered by Martin Fowler (https://martinfowler.com/), continuous integration (CI) is the practice of automatically integrating code changes. A few key principles of CI are:
maintain a single source repository
automate the build
every commit should build the mainline on an integration machine
keep the build fast
make it easy for anyone to get the latest executable
everyone can see what's happening
As part of this workshop, we will see how we can use an existing CI tool called GitHub Actions (https://docs.github.com/en/actions) together with Codacy (https://github.com/marketplace/actions/codacy-analysis-cli) to not only integrate code changes with CI but also check for quality concerns with static analysis.
In-class Hands-on Experience
Create an account on GitHub if you haven't already
Fork the repository `https://github.com/paser-group/COVID19` and clone it. See here how to fork and clone a repository from GitHub.
A detailed demonstration with GitHub Actions can be found here, or follow the instructions at the following link: https://github.com/marketplace/actions/codacy-analysis-cli.
Create a minor change in any file.
Commit and push the file on your forked repository. Keep track of the commit message.
See the changes in the `Actions` tab within your repository
Find the build by the commit message you used while committing
See the changes
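The workflow below wires the Codacy Analysis CLI into the forked repository so every push and pull request is scanned; it is an added example, not the module's own material, and assumes the default branch is `main`, that the file is saved as `.github/workflows/codacy.yml`, and that a Codacy project token has been stored as the repository secret `CODACY_PROJECT_TOKEN`.

```yaml
# Assumed path: .github/workflows/codacy.yml (constructed example)
name: Codacy Security Scan

# Run on every push to and every pull request against the default branch.
# The branch name is an assumption; adjust it to the fork's default branch.
on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

permissions:
  contents: read            # checkout only needs read access
  security-events: write    # required to upload SARIF to Code Scanning

jobs:
  codacy-security-scan:
    name: Codacy Security Scan
    runs-on: ubuntu-latest
    steps:
      # Fetch the commit that triggered the run so the CLI has code to analyze.
      - name: Checkout code
        uses: actions/checkout@v3

      # Run the Codacy Analysis CLI. The project token is an assumed secret
      # created in the repository settings; the CLI uses it to pull the
      # project's Codacy configuration (enabled tools and patterns).
      - name: Run Codacy Analysis CLI
        uses: codacy/codacy-analysis-cli-action@master
        with:
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          verbose: true
          output: results.sarif
          format: sarif
          # Keep the report compatible with GitHub Code Scanning.
          gh-code-scanning-compat: true
          # Never fail the build on findings; the goal here is visibility.
          # Lower this value later to make the check block a merge.
          max-allowed-issues: 2147483647

      # Publish the findings to the repository's Security > Code scanning tab
      # so each commit's weaknesses can be reviewed next to the Actions run.
      - name: Upload SARIF results file
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
```

After committing this file, the `Actions` tab lists a run per commit under the commit message, and the uploaded SARIF report appears under Code scanning alerts.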
The video recording needed for this hands-on experience is available here.
Post Lab Experience
Repeat all the steps from the in-class experience for the repository `https://github.com/akondrahman/IaCTesting`. This will include forking `https://github.com/akondrahman/IaCTesting`, cloning, adding codacy with GitHub Actions, making changes in a file, committing and pushing, and finding the build in the `Actions` tab of your repository.
Find the URL of your CI run and record it in a text file. Also, capture 5 screenshots of the CI run.
Complete the survey here: https://auburn.qualtrics.com/jfe/form/SV_cAOhdjfti78MVls