We’d like to introduce you to Thurgood, CloudSpokes’ new tool that provides a quality and security analysis of submitted challenge code.
Thurgood provides you with information so you can determine if you want to tweak your submission based upon security reviews, add additional test coverage or resubmit if you’ve forgotten files that caused your build to fail.
CloudSpokes has integrated several security tools, including Checkmarx’s SAST solution, which were based upon the Thurgood platform.
1. Submit your code for a Salesforce.com challenge.
2. Your code is uploaded to cloud storage and sent to the queue for processing depending upon the type of language.
3. Once the code is committed, the post-receive hook notifies Jenkins (running on CloudBees) of the new code. Jenkins downloads your code from git, runs various Checkmarx security and vulnerability scans, runs ANT to deploy your code, runs all unit tests and finally undeploys all of your code. The results of the Checkmarx scans (PDF, CSV and XML files) are uploaded to S3, while the debug log of the build and unit tests is sent to Papertrail.
View the full process here