Recently I came across a discussion where organisations are not only talking about testing the business functionality during the CI build but security testing their code too.

For example, integrating security testing in CI as a post build action along with your Unit/Performance tests. While searching through the web, I came across this website. This is one of best sites which describes the most common software security weaknesses. This site does not just list the weaknesses but, It serves as a common language, a measuring stick for software security tools, and as a baseline for weakness identification, mitigation, and prevention.

Have a look.

http://cwe.mitre.org/index.html

cwe

A screen shot for the Java language as an example,

cwe1