sensiolabs/security-checker
's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name | Version | Size | License | Type | Vulnerabilities |
---|---|---|---|---|---|
symfony/console | v5.4.39 | - | MIT | prod | |
symfony/http-client | v5.4.39 | - | MIT | prod dev | |
symfony/mime | v5.4.39 | - | MIT | prod | |
symfony/polyfill-ctype | v1.29.0 | - | MIT | prod | |

The SensioLabs Security Checker is a command line tool that checks whether your application uses dependencies with known security vulnerabilities. To do this, it uses the Security Check Web service and the Security Advisories Database, cross-referencing your dependencies with known security issues.
To use the SensioLabs Security Checker, run its check command against your composer.lock file. You have two options for doing this. The first is to download the security-checker.phar file and execute:

```
$ php security-checker.phar security:check /path/to/composer.lock
```

The second option is to install the package using composer and then run:

```
$ composer install
$ php security-checker security:check /path/to/composer.lock
```

For a more integrated approach, you can incorporate the SecurityCheckerCommand class into your Symfony console application. Otherwise, use the SecurityChecker class directly in your own code like this:

```php
use SensioLabs\Security\SecurityChecker;

$checker = new SecurityChecker();
// Check the lock file and request the report as JSON
$result = $checker->check('/path/to/composer.lock', 'json');
// Decode the JSON report into an associative array of alerts
$alerts = json_decode((string) $result, true);
```

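As an added example (not code from the package or its README), the script below turns the JSON report into a CI gate that fails closed when the report cannot be parsed. The report layout, the `summarizeAlerts` helper and the sample data are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);
// Assumed report layout (not confirmed by the page): package name =>
// ['version' => ..., 'advisories' => [...]], each advisory with 'title' and 'cve'.
// summarizeAlerts() is a hypothetical helper, not part of the package.
function summarizeAlerts(string $json): array
{
    try {
        $alerts = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        // Fail closed: an unreadable report must never be treated as "no alerts".
        throw new RuntimeException('Unreadable security report', 0, $e);
    }
    if (!is_array($alerts)) {
        throw new RuntimeException('Unexpected security report structure');
    }
    $findings = [];
    foreach ($alerts as $package => $entry) {
        if (!is_array($entry) || !is_array($entry['advisories'] ?? null)) {
            throw new RuntimeException("Malformed report entry for $package");
        }
        // Advisories may be keyed by file name or be a plain list; handle both.
        foreach (array_values($entry['advisories']) as $advisory) {
            $findings[] = sprintf(
                '%s %s: %s (%s)',
                $package,
                $entry['version'] ?? 'unknown version',
                $advisory['title'] ?? 'untitled advisory',
                $advisory['cve'] ?? 'no CVE'
            );
        }
    }
    return $findings;
}

// Constructed sample report; every value is a placeholder.
$sample = <<<'JSON'
{
  "example/package": {
    "version": "v0.0.0",
    "advisories": {
      "example/package/CVE-0000-0000.yaml": {
        "title": "Placeholder advisory", "cve": "CVE-0000-0000"
      }
    }
  }
}
JSON;
$findings = summarizeAlerts($sample);
fwrite(STDERR, implode(PHP_EOL, $findings) . PHP_EOL);
exit($findings === [] ? 0 : 1); // non-zero exit fails the build when alerts exist
```

In real use, pass `(string) $result` from the snippet above to the helper instead of the sample string.
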
The documentation you need to use the SensioLabs Security Checker is included in the README file of the package's GitHub repository. For supplementary information about the security check web service, you can visit security.symfony.com. Additional details on the Security Advisories Database can be found at Friends Of PHP on GitHub.