Travis CI integration

In this page I want to demonstrate how to integrate Scanmycode with Travis CI environment.

Code versioning has become a standard practice in development circles, with GitHub being a popular platform for hosting code repos. However, a common issue is the testing of the code as it is pushed by a team member. As the volume of commits increases, ensuring the quality and accuracy of code becomes a challenge.

This is where the idea of Continuous Integration comes in. It is defined as a development subprocess that automates build creation and code testing. As soon as a team member pushes a commit, the continuous integration process compiles the code, execute it and checks for bugs. Thus, the developers always have a fair idea about the quality of their code.

Travis CI is a continuous integration environment.

Whenever you commit code changes, Scanmycode will scan your PHP, Python, Ruby or JS code for best practices, anti-patterns and security.

Fig 1. Travis CI setup

Travis CI works with the code hosted on GitHub. Thus, you need to host all the source code in a GitHub repo. You can follow this simple guide to deploying code at GitHub. Start by installing Git on your local machine and then use the following commands:

git init
git add README.md
git commit -m "first commit"
git remote add origin https://github.com/username/your-repo.git
git push -u origin master

You will need to enter your GitHub credentials (username and password) once the code has been deployed on the repository.

Add .travis.yml file

.travis.yml

language: generic

script:
- curl -X POST https://app.scanmycode.today/api/v1/project/<project id>/analyze

Next, I will add .travis.yml file that is the backbone of this workflow.

Push Changes to GitHub

It is time to make changes to the code. When done, remember to commit the code and push the code to the repository.

Next, go to Travis website, you could see that the build has started executing and the repo has turned yellow.

Fig 2. Travis CI build

Shortly, you will see the results (success or failure) of the build run.

Add Build Badge to README.md

<a href="https://app.scanmycode.today/project/<project id>"><img src="https://app.scanmycode.today/api/v1/project/<project id>/badge.svg" alt="Code issues" /></a>

Your badge will look like this:

Fig 3. Badge

and here is your full Report at Scanmycode

Fig 4. Scanmycode report

Don’t forget to check the project Settings under Settings tab.

Fig 5. Scanmycode Settings

and you can also customize which of 500 check for PHP, Python, Ruby and JS should be enabled.

Fig 6. Scanmycode SAST (Code Scanning) checks

FAQs

What is the main purpose of continuous integration?

The main purpose of Continuous integration is to validate and test codebase at every time it is changed. It automates the build every time whenever something is changed in the code by the team members working on the project, identifies possible errors in the code and lets everyone know about it so that could be corrected accordingly. Continuous integration gives all the team members the privilege to share their code and unit tests by accumulating their changes into a shared repository after each task completion.

What are the best practices of continuous integration?

The best practices for Continuous integration are given as follows:

  • Maintain a code repository
  • Automate the build
  • Do integration testing before unit testing
  • Make the build self-testing
  • Always test the application in a clone environment

When to use continuous integration?

Continuous integration should be used when your application is been undergoing with rapid changes and when its manual testing becomes a bit hefty task. Because continuous integration gives you the privilege to test each change done to your code automatically, so that no errors gets remained at disposal and all the codebase runs correctly every time.

Why continuous integration is important for agile?

Continuous integration is important in Agile because it gives faster checking of codebase and faster correction to its errors and that too at any stage of the deployment, which is also what the basic concept of Agile methodology is. That is why CI becomes important for opting in agile working way.