Travis CI

Travis CI is a hosted continuous integration service used to build and test software projects. RIPS can be easily integrated into Travis CI as a quality gate to notify the developers about new security issues in their code.


To integrate RIPS into your Travis process you only have to download and run the rips-cli Docker container. The following .travis.yml example showcases a setup that stops the build if the analysis detects one or more high or critical security vulnerabilities, or more than 5 vulnerabilities in total:

sudo: required

language: php

services:
  - docker

before_install:
  - docker pull rips/rips-cli:3

script:
  - docker run --rm -it -e RIPS_BASE_URI -e RIPS_PASSWORD -e RIPS_USERNAME -v `pwd`:/data rips/rips-cli:3 rips:scan:start -p /data -T "$TRAVIS_BRANCH" -t high:0 -t critical:0 -t 5 -a app_id

The app_id value has to be replaced with the actual numeric ID of an existing RIPS application. If you do not have an application yet, you can create one with rips-cli. To authenticate with RIPS, it is highly recommended to use environment variables. The variables can be set under "More options", "Settings", "Environment Variables". Make sure to disable "Display value in build log" to avoid leaking the credentials through the log files.
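
A pre-flight check that can run before the scan step, as an added example that is not part of rips-cli or the RIPS documentation: it reports missing credentials by variable name only, so no value reaches the build log, and separates a misconfigured build from a pull request from a fork, for which Travis CI does not expose variables defined in the repository settings. The function names and the skip-on-fork policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of rips-cli): pre-flight check for the RIPS scan step.
# Only variable NAMES are ever printed, never their values.

# rips_missing_vars: print the names of required variables that are unset or empty.
rips_missing_vars() {
    missing=""
    for name in RIPS_BASE_URI RIPS_USERNAME RIPS_PASSWORD; do
        # Indirect lookup of the variable called $name without echoing it.
        eval "value=\${$name:-}"
        [ -n "$value" ] || missing="$missing $name"
    done
    unset value
    echo "${missing# }"
}

# rips_preflight: print the action the build should take.
#   scan -> all credentials present, run the docker command
#   skip -> pull request from a fork: Travis CI withheld the settings variables
#   fail -> trusted build without credentials: the repository settings are wrong
rips_preflight() {
    missing=$(rips_missing_vars)
    if [ -z "$missing" ]; then
        echo scan
    elif [ "${TRAVIS_PULL_REQUEST:-false}" != "false" ] &&
         [ "${TRAVIS_SECURE_ENV_VARS:-false}" != "true" ]; then
        # Assumed policy: do not fail fork PRs; the branch build after merge
        # still runs the quality gate with credentials available.
        echo "RIPS scan skipped: credentials not exposed to this build" >&2
        echo skip
    else
        echo "RIPS scan cannot run, missing variables: $missing" >&2
        echo fail
    fi
}
```

In a script step, run the docker command only when rips_preflight prints scan, and exit non-zero when it prints fail.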