Jens Segers on

Automatically check your composer file for security vulnerabilities

SensioLabs' Security Checker is a command line tool that checks if your application uses dependencies with known security vulnerabilities. Adding this to an existing project to automatically scan your composer file is really easy.

First add the tool as dependency for your project:

composer require sensiolabs/security-checker

Then open up your composer.json and add the following post-install and post-update commands:

"scripts": {
	"post-install-cmd": [
		"php vendor/bin/security-checker security:check --format=simple"
	"post-update-cmd": [
		"php vendor/bin/security-checker security:check --format=simple"

Now every time you do a composer install or composer update the security checker will evaluate your dependencies for security vulnerabilities. Cool right?


Tweet about this blog post and you will appear below!