Sqreen (https://www.sqreen.io) describes how open-source, publicly available tools can help improve your software security in your Continuous Integration cycle.
This presentation focuses on Ruby on Rails and uses open-source Ruby gems as well as Jenkins, an open-source CI tool.
Two tools are presented. Arachni (https://github.com/Arachni/arachni) is a dynamic security analysis tool. It needs some special scripting to be integrated into Jenkins (ask me!).
Brakeman (https://github.com/presidentbeef/brakeman), a static analysis tool, targets the source code of Ruby on Rails applications. It can be easily integrated into Jenkins thanks to an existing plug-in.
This method can make the reports hard to understand and to process systematically in a CI workflow.
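One way to process a scanner report systematically in CI is to turn it into a pass/fail gate with an explicit confidence threshold and an accepted-findings baseline, so the build fails on new high-signal findings rather than on a wall of warnings. The following is an added example, not code from Sqreen, Brakeman or the Jenkins plug-in. It assumes the layout of Brakeman's JSON output (`brakeman -f json`: a `warnings` list whose entries carry `warning_type`, `confidence` of High/Medium/Weak, `file`, `line` and `fingerprint`, plus an `errors` list); the sample report embedded below is constructed, and the `accepted` baseline of fingerprints mirrors the idea of Brakeman's fingerprint-based ignore list.

```python
import json
from collections import Counter

# Constructed sample shaped like a Brakeman JSON report (`brakeman -f json`);
# the key names are assumed from Brakeman's format, the findings are invented.
SAMPLE_REPORT = json.dumps({
    "scan_info": {"app_path": "/var/lib/jenkins/workspace/example-app"},
    "warnings": [
        {"warning_type": "SQL Injection", "confidence": "High",
         "file": "app/controllers/users_controller.rb", "line": 12,
         "message": "Possible SQL injection", "fingerprint": "fp-aaaa1111"},
        {"warning_type": "Cross-Site Scripting", "confidence": "Medium",
         "file": "app/views/posts/show.html.erb", "line": 4,
         "message": "Unescaped model attribute", "fingerprint": "fp-bbbb2222"},
        {"warning_type": "Mass Assignment", "confidence": "Weak",
         "file": "app/models/user.rb", "line": 7,
         "message": "Attribute available for mass assignment", "fingerprint": "fp-cccc3333"},
    ],
    "ignored_warnings": [],
    "errors": [],
})

# Brakeman reports confidence as High / Medium / Weak; rank them for thresholding.
CONFIDENCE_RANK = {"High": 3, "Medium": 2, "Weak": 1}


def load_report(report_text):
    """Parse the JSON report; refuse to gate on a scan that hit errors,
    because an incomplete scan would otherwise pass the build silently."""
    report = json.loads(report_text)
    if report.get("errors"):
        raise RuntimeError("scan reported errors; results are incomplete")
    return report


def blocking_warnings(report, min_confidence="Medium", accepted=frozenset()):
    """Warnings at or above min_confidence whose fingerprint is not in the
    accepted baseline (same idea as a fingerprint-based ignore list)."""
    threshold = CONFIDENCE_RANK[min_confidence]
    return [
        w for w in report.get("warnings", [])
        if CONFIDENCE_RANK.get(w.get("confidence"), 0) >= threshold
        and w.get("fingerprint") not in accepted
    ]


def summarize(warnings):
    """Group blocking findings by type so the CI log reads as a short table."""
    return Counter(w["warning_type"] for w in warnings)


def gate(report_text, min_confidence="Medium", accepted=frozenset()):
    """Return (exit_code, lines): exit 1 with one line per blocking finding
    plus a per-type count, exit 0 when nothing blocks. Meant as the last
    step of a Jenkins job so the build status reflects the scan."""
    report = load_report(report_text)
    blocking = blocking_warnings(report, min_confidence, accepted)
    lines = []
    # Highest confidence first, then by file, so the log is stable between runs.
    for w in sorted(blocking, key=lambda w: (-CONFIDENCE_RANK[w["confidence"]], w["file"])):
        lines.append(f"[{w['confidence']}] {w['warning_type']} "
                     f"{w['file']}:{w['line']} ({w['fingerprint']})")
    for kind, count in sorted(summarize(blocking).items()):
        lines.append(f"{kind}: {count}")
    return (1 if blocking else 0), lines


if __name__ == "__main__":
    # Hypothetical usage: `python gate.py brakeman.json`; falls back to the sample.
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    code, lines = gate(text)
    print("\n".join(lines))
    sys.exit(code)
```

With the sample report the gate fails the build on the High and Medium findings and lists them with their fingerprints; adding an accepted fingerprint to the baseline or raising the threshold to High changes the outcome without touching the scanner, which is what makes the result reproducible from one CI run to the next.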
Jean-Baptiste Aviat, Sqreen CTO