A Phing task that uses the Sensio Security Advisories Checker to check whether your application depends on packages with known security vulnerabilities.
The preferred way to install it is through Composer. Add notfloran/phing-composer-security-checker as a requirement in composer.json:
```json
{
    "require": {
        "notfloran/phing-composer-security-checker": "~1.0"
    }
}
```
Let Phing know about the Security Checker task:

```xml
<taskdef name="security-checker" classname="notFloran\SecurityChecker\PhingTask" />
```
Then call it with the defaults (composer.lock in the current directory, build halts on any vulnerability):

```xml
<security-checker />
```
Or point it at a specific lock file:

```xml
<security-checker file="/var/www/symfony/composer.lock" />
```
With all attributes:

```xml
<security-checker file="/var/www/symfony/composer.lock" haltOnError="false" format="text" outputProperty="alerts" />
<echo msg="Alerts : ${alerts} ..." />
```
- file: path to the composer.lock file to check (default: composer.lock)
- haltOnError: whether the task throws an exception, and so fails the build, when vulnerabilities are detected (default: true)
- format: format of the vulnerability list, json or text (default: text)
- outputProperty: name of the Phing property that receives the checker's output
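A complete build.xml that wires the pieces above together, as an added example rather than a file shipped with the project. The project name, target names and the `security.alerts` property name are hypothetical; `${project.basedir}` is Phing's built-in base-directory property.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not part of the phing-composer-security-checker README.
     Project and target names are hypothetical. -->
<project name="security-audit" default="security-check" basedir=".">

    <!-- Register the task class installed by Composer -->
    <taskdef name="security-checker" classname="notFloran\SecurityChecker\PhingTask" />

    <!-- Gate target: haltOnError defaults to true, so the build fails as soon as
         composer.lock references a dependency with a known advisory -->
    <target name="security-check">
        <security-checker file="${project.basedir}/composer.lock" />
    </target>

    <!-- Report-only target: never halts, captures the JSON report in a property
         so a later step (archiving, notification) can consume it -->
    <target name="security-report">
        <security-checker file="${project.basedir}/composer.lock"
                          haltOnError="false"
                          format="json"
                          outputProperty="security.alerts" />
        <echo msg="Security advisories: ${security.alerts}" />
    </target>
</project>
```

Run it with the Composer-installed Phing (for example `vendor/bin/phing security-check`) so that the task class is found through Composer's autoloader; this assumes Phing itself is a Composer dependency of the project.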
phing-composer-security-checker is released under the MIT license.