notFloran/phing-composer-security-checker

phing-composer-security-checker

A Phing task that uses the Sensio Security Advisories Checker to check whether your application uses dependencies with known security vulnerabilities.

Installation

The preferred way of installation is through Composer. Add notfloran/phing-composer-security-checker as a requirement to composer.json:

    {
        "require": {
            "notfloran/phing-composer-security-checker": "~1.0"
        }
    }

Example

Let Phing know about the Security Checker task:

    <taskdef name="security-checker" classname="notFloran\SecurityChecker\PhingTask" />

Then:

    <security-checker />

Or:

    <security-checker file="/var/www/symfony/composer.lock" />

With all attributes:

    <security-checker file="/var/www/symfony/composer.lock"  haltOnError="false" format="text" outputProperty="alerts" />
    <echo msg="Alerts : ${alerts} ..." />

Attributes:

  • file: path to the composer.lock file (default: composer.lock)
  • haltOnError: whether an exception is thrown when vulnerabilities are detected (default: true)
  • format: format of the list of vulnerabilities, json or text (default: text)
  • outputProperty: name of the property to set with the output value
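
The attributes above support two different uses: failing the build on a vulnerable dependency, or recording the findings without failing. The build file below is an added example, not part of the project's own documentation; the project name, target names, the security.report property and the build/ output path are assumptions, and it assumes Phing is run as vendor/bin/phing so the Composer autoloader can find the task class.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example build.xml; project, target, property and path names are assumptions. -->
<project name="example-app" default="build" basedir=".">

    <!-- Register the task, as shown in the Example section. -->
    <taskdef name="security-checker" classname="notFloran\SecurityChecker\PhingTask" />

    <!-- Gate: haltOnError defaults to true, so a detected vulnerability throws
         an exception and the targets that depend on this one never run. -->
    <target name="security-gate">
        <security-checker file="${project.basedir}/composer.lock" />
    </target>

    <!-- Report: haltOnError="false" keeps the build going; the JSON list is
         stored in a property and written to a file for later triage. -->
    <target name="security-report">
        <mkdir dir="${project.basedir}/build" />
        <security-checker file="${project.basedir}/composer.lock"
                          haltOnError="false"
                          format="json"
                          outputProperty="security.report" />
        <!-- If the task leaves the property unset, Phing writes the literal
             placeholder text instead of a report. -->
        <echo file="${project.basedir}/build/security-advisories.json"
              msg="${security.report}" />
    </target>

    <!-- The real build steps go here; they only run after the gate passes. -->
    <target name="build" depends="security-gate">
        <echo msg="Dependency check passed, continuing with the build." />
    </target>
</project>
```

Run the gate on every build and the report target on a schedule, so that advisories published after the last commit are still noticed.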

License

phing-composer-security-checker is released under the MIT public license.
