SensioLabs Security Checker
The SensioLabs Security Checker is a command line tool that checks if your
application uses dependencies with known security vulnerabilities. It uses the
Security Check Web service and the Security Advisories Database.
TIP: As an alternative, you can use the Symfony CLI tool that has the
following advantages: it does not depend on PHP, all checks are done locally (no
calls to the security.symfony.com API):
$ symfony security:check
Usage
Download the security-checker.phar file:
$ php security-checker.phar security:check /path/to/composer.lock
Use the code from the repository directly:
$ composer install
$ php security-checker security:check /path/to/composer.lock
Integration
The checker uses the Symfony Console component; so, you can easily integrate
the checker into your own project:
-
by using the
SecurityCheckerCommandclass into your Symfony Console
application; -
by using the
SecurityCheckerclass directly into your own code:use SensioLabs\Security\SecurityChecker; $checker = new SecurityChecker(); $result = $checker->check('/path/to/composer.lock', 'json'); $alerts = json_decode((string) $result, true);