This repository has been archived by the owner on Feb 6, 2023. It is now read-only.

A composer plugin that checks if your application uses dependencies with known security vulnerabilities (it uses SensioLabs Security Checker)

DavidePastore/composer-audit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Warning: This project is no longer maintained. Since version 2.4.0-RC1, Composer officially supports the audit command, which checks for known security vulnerabilities.

composer-audit

A composer plugin that checks if your application uses dependencies with known security vulnerabilities (it uses SensioLabs Security Checker).

Installation

Using the composer command:

$ composer require davidepastore/composer-audit:0.1.*

Manually adding in composer.json:

"require": {
  "davidepastore/composer-audit": "0.1.*"
}

Usage

The checker runs whenever you launch composer install or composer update. If any package pinned in your composer.lock has a known security advisory, composer-audit prints the alerts. An example of that output:

ALERTS from SensioLabs security advisories.

 *** dompdf/dompdf[v0.6.0] ***

 * dompdf/dompdf/CVE-2014-2383.yaml
Arbitrary file read in dompdf
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/
CVE-2014-2383


Please fix these alerts from SensioLabs security advisories.

If no alert is found, you'll get this:

All good from SensioLabs security advisories.
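The report above is plain text, so a CI step that wants to fail the build or file a ticket per advisory has to parse it. The following is an added example, not code from composer-audit or SensioLabs Security Checker: it turns the alert report into structured records, using a sample copied from the README output above; the record field names are assumptions.

```python
import re
from dataclasses import dataclass
# Constructed sample of composer-audit's alert output, copied from the README example.
SAMPLE_OUTPUT = """ALERTS from SensioLabs security advisories.

 *** dompdf/dompdf[v0.6.0] ***

 * dompdf/dompdf/CVE-2014-2383.yaml
Arbitrary file read in dompdf
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/
CVE-2014-2383

Please fix these alerts from SensioLabs security advisories.
"""

@dataclass
class Advisory:  # field names are this example's own choice
    package: str
    version: str
    advisory_file: str
    title: str
    url: str
    cve: str  # empty string when the advisory carries no CVE id

PACKAGE_RE = re.compile(r"^\s*\*\*\*\s+(?P<package>\S+?)\[(?P<version>[^\]]+)\]\s+\*\*\*$")
ADVISORY_RE = re.compile(r"^\s*\*\s+(?P<file>\S+\.yaml)$")
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
def parse_alerts(output: str) -> list[Advisory]:
    # Walk the printed report: a '*** pkg[version] ***' header opens a package
    # block; each '* <advisory>.yaml' line is followed by its detail lines
    # (title, URL, CVE) up to the next blank line. 'All good' output yields [].
    advisories: list[Advisory] = []
    package = version = None
    lines = [line.rstrip() for line in output.splitlines()]
    i = 0
    while i < len(lines):
        if m := PACKAGE_RE.match(lines[i]):
            package, version = m["package"], m["version"]
        elif (m := ADVISORY_RE.match(lines[i])) and package is not None:
            details: list[str] = []
            while i + 1 < len(lines) and lines[i + 1].strip():
                i += 1
                details.append(lines[i].strip())
            title = details[0] if details else ""
            url = next((d for d in details if d.startswith("http")), "")
            cve = next((d for d in details if CVE_RE.match(d)), "")
            advisories.append(Advisory(package, version, m["file"], title, url, cve))
        i += 1
    return advisories
```

A non-empty result is the signal to fail the build; the "All good" report parses to an empty list.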

Issues

If you have issues, just open one here.
