Jens Segers on Jan 10 2015

Automatically check your composer file for security vulnerabilities

SensioLabs' Security Checker is a command line tool that checks whether your application uses dependencies with known security vulnerabilities: it reads the exact package versions pinned in composer.lock and looks them up against the SensioLabs security advisories database (so it needs network access to run). Adding it to an existing project so that the lock file is scanned automatically is really easy.

First, add the tool as a dependency of your project (a --dev dependency is sufficient, since the checker only runs on developer machines and in CI, never at runtime):

composer require sensiolabs/security-checker

Then open your composer.json and add the following post-install and post-update script hooks:

"scripts": {
    "post-install-cmd": [
        "php vendor/bin/security-checker security:check --format=simple"
    ],
    "post-update-cmd": [
        "php vendor/bin/security-checker security:check --format=simple"
    ]
},

Now every time you run composer install or composer update the checker evaluates the locked dependencies for known vulnerabilities. If it finds any, it prints them and exits with a non-zero status, so Composer reports the script hook as failed, which is exactly what you want on a CI server. Cool right?
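To make concrete what such a lock-file check does, here is an added example (not the Security Checker's own code and not from the original post): a small Python script that reads a composer.lock, the file the checker actually submits, and matches each locked package, production and dev, against a constructed advisory table shaped like the FriendsOfPHP security-advisories entries the service is built on. The package names, advisories and version ranges are made up for the demonstration, and the version-range matcher is a simplification that skips branch aliases such as dev-master.

```python
"""Offline illustration of a composer.lock security check.

Added example, not part of the original post and not the Security
Checker's own code. The advisory table and the sample lock file below are
constructed for the demo; the package names and CVE are fake.
"""
import json
import re
import sys

# Constructed advisory table, shaped like FriendsOfPHP security-advisories
# entries: per package, a list of advisories, each with version branches.
ADVISORIES = {
    "acme/http-kernel": [
        {"title": "Header injection in Response (constructed)", "cve": None,
         "branches": {"2.3.x": [">=2.3.0", "<2.3.7"],
                      "2.4.x": [">=2.4.0", "<2.4.2"]}},
    ],
    "acme/yaml": [
        {"title": "Arbitrary object instantiation (constructed)",
         "cve": "CVE-0000-0000",
         "branches": {"1.x": [">=1.0.0", "<1.8.1"]}},
    ],
    "acme/debug": [
        {"title": "Stack trace leaks credentials (constructed)", "cve": None,
         "branches": {"1.x": ["<1.0.2"]}},
    ],
}

# Constructed composer.lock with only the fields this check needs.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "acme/http-kernel", "version": "v2.3.5"},   # in range
        {"name": "acme/yaml", "version": "v1.8.1"},          # fixed version
        {"name": "acme/console", "version": "v2.3.5"},       # no advisory
    ],
    "packages-dev": [
        {"name": "acme/debug", "version": "v1.0.1"},         # dev deps count too
    ],
})

_OPS = {
    ">=": lambda a, b: a >= b, ">": lambda a, b: a > b,
    "<=": lambda a, b: a <= b, "<": lambda a, b: a < b,
    "==": lambda a, b: a == b, "=": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
}


def parse_version(version):
    """Normalise a Composer version string into a comparable tuple.

    Numeric parts are padded to four components (as Composer does) and a
    pre-release suffix such as -rc1 sorts below the final release.
    Returns None for branch aliases like dev-master, which have no fixed
    point and cannot be range-checked (simplification for the demo)."""
    m = re.match(r"^v?(\d+(?:\.\d+)*)(?:-([0-9A-Za-z.]+))?$", version)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (4 - len(parts))
    pre = m.group(2)
    return tuple(parts[:4]) + ((0, pre) if pre else (1, ""))


def satisfies(version, constraints):
    """True when `version` lies inside every constraint of one branch."""
    v = parse_version(version)
    if v is None:
        return False
    for c in constraints:
        m = re.match(r"^(>=|<=|==|!=|>|<|=)?\s*(\S+)$", c)
        op, bound = m.group(1) or "==", parse_version(m.group(2))
        if bound is None or not _OPS[op](v, bound):
            return False
    return True


def check_lock(lock_json, advisories=ADVISORIES):
    """Return [(package, version, title, cve)] for every locked package,
    production or dev, whose version falls in a vulnerable range."""
    lock = json.loads(lock_json)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            for adv in advisories.get(pkg["name"], []):
                if any(satisfies(pkg["version"], rng)
                       for rng in adv["branches"].values()):
                    findings.append((pkg["name"], pkg["version"],
                                     adv["title"], adv["cve"]))
    return findings


if __name__ == "__main__":
    # Pass a real composer.lock path to scan it against the demo table.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    hits = check_lock(data)
    for name, ver, title, cve in hits:
        print(f"{name} {ver}: {title} ({cve or 'no CVE'})")
    # Non-zero exit makes a Composer script hook or CI job fail, like the real tool.
    sys.exit(1 if hits else 0)
```

Note the boundary handling: acme/yaml v1.8.1 is the first fixed version and is not reported, while a pre-release such as 1.8.1-rc1 still sorts below it and would be. That is the reason the checker works from composer.lock rather than composer.json: only the lock file carries the exact installed versions these comparisons need.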


Comments

Robert (Jamie) Munro 11 months ago

I used:

"php vendor/bin/security-checker security:check -q || php vendor/bin/security-checker security:check --ansi || true"

as my command, because you get no output if the check passes (there are no known vulnerabilities) and the full colour output if you need it, which really stands out and tells you you need to fix something.


freekmurze 2 years ago

You could also downright reject packages with security issues: https://murze.be/2014/12/automatically-check-for-packages-with-known-security-vulnerabilities/