Security Check Plugin for Composer

For global install:

composer global require fancyguy/composer-security-check-plugin

For project install:

composer require fancyguy/composer-security-check-plugin

Run these commands to see some sample behavior:

mkdir insecure-project
cd insecure-project
composer init --name="insecure/project" --description="insecure project" -l MIT -n
composer require symfony/symfony:2.5.2
composer require fancyguy/composer-security-check-plugin
composer audit
composer audit --format=simple
composer audit --format=json
composer validate
composer require symfony/symfony --update-with-all-dependencies
composer audit

By default this tool uploads your composer.lock file to the security.symfony.com webservice which uses the checks from https://github.com/FriendsOfPHP/security-advisories.

You can check offline by downloading a local version of this repo and specify its path using:

composer audit --audit-db /path/to/security-advisories

Inspired on: https://github.com/sensiolabs/security-checker

Alternative: https://github.com/Roave/SecurityAdvisories

Name		Name	Last commit message	Last commit date
Latest commit History 30 Commits
src		src
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
composer.json		composer.json
composer.lock		composer.lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

src

src

.gitignore

.gitignore

LICENSE

LICENSE

README.md

README.md

composer.json

composer.json

composer.lock

composer.lock

Repository files navigation

Security Check Plugin for Composer

About

Releases

Packages

Contributors 2

Languages

License

fancyguy/composer-security-check-plugin

Folders and files

Latest commit

History

Repository files navigation

Security Check Plugin for Composer

About

Topics

Resources

License

Stars

Watchers

Forks

Languages