{"id":25249676,"url":"https://github.com/enlightn/security-checker","last_synced_at":"2025-05-15T16:02:14.948Z","repository":{"id":41106846,"uuid":"330741122","full_name":"enlightn/security-checker","owner":"enlightn","description":"A PHP dependency vulnerabilities scanner based on the Security Advisories Database.","archived":false,"fork":false,"pushed_at":"2023-12-16T13:43:30.000Z","size":380,"stargazers_count":326,"open_issues_count":6,"forks_count":25,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-05-11T12:48:47.657Z","etag":null,"topics":["php","security","security-scanner","vulnerability-scanner","vulnerability-scanning"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/enlightn.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-18T17:35:51.000Z","updated_at":"2025-05-02T05:54:57.000Z","dependencies_parsed_at":"2024-06-18T10:58:22.339Z","dependency_job_id":"55992a3e-96b0-4b0c-b2a2-4971ea7c259f","html_url":"https://github.com/enlightn/security-checker","commit_stats":{"total_commits":69,"total_committers":8,"mean_commits":8.625,"dds":"0.23188405797101452","last_synced_commit":"196bacc76e7a72a63d0e1220926dbb190272db97"},"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enlightn%2Fsecurity-checker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enlightn%2Fsecurity-checker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enlightn%2Fsecurity-checker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enlightn%2Fsecurity-checker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/enlightn","download_url":"https://codeload.github.com/enlightn/security-checker/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254374388,"owners_count":22060609,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["php","security","security-scanner","vulnerability-scanner","vulnerability-scanning"],"created_at":"2025-02-12T03:39:35.306Z","updated_at":"2025-05-15T16:02:14.875Z","avatar_url":"https://github.com/enlightn.png","language":"PHP","funding_links":[],"categories":["Security"],"sub_categories":[],"readme":"# Enlightn Security Checker\n\n![tests](https://github.com/enlightn/security-checker/workflows/tests/badge.svg?branch=main)\n[![MIT Licensed](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)\n[![Latest Stable Version](https://poser.pugx.org/enlightn/security-checker/v/stable?format=flat-square)](https://packagist.org/packages/enlightn/security-checker)\n[![Total Downloads](https://img.shields.io/packagist/dt/enlightn/security-checker.svg?style=flat-square)](https://packagist.org/packages/enlightn/security-checker)\n\nThe Enlightn Security Checker is a command line tool that checks if your\napplication uses dependencies with known security vulnerabilities. It uses the [Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories).\n\n## Installation Options\n\n1. You may install the Enlightn Security Checker with Composer globally, for use with multiple projects:\n\n```bash\ncomposer global require enlightn/security-checker\n```\n\n2. You may also install the Enlightn Security Checker in your project as a dev dependency using Composer:\n\n```bash\ncomposer require --dev enlightn/security-checker\n```\n\n3. Instead of installing via Composer, you may also download the [security-checker.phar](https://www.laravel-enlightn.com/security-checker.phar) file. Then, in the commands below you can replace `security-checker` with `security-checker.phar`.\n\n## Usage\n\nTo check for security vulnerabilities in your dependencies, you may run the `security:check` command:\n\n```bash\nphp security-checker security:check /path/to/composer.lock\n```\n\nThis command will return a success status code of `0` if there are no vulnerabilities and `1` if there is at least one vulnerability.\n\n**Note**: You would need to provide the full path of the security-checker executable if the directory is not in your path. For instance:\n\n```bash\nphp vendor/bin/security-checker security:check /path/to/composer.lock\n```\n\n## Options\n\n### Format\n\nBy default, this command displays the result in ANSI. You may use the `--format` option to display the result in JSON instead:\n\n```bash\nphp security-checker security:check /path/to/composer.lock --format=json\n```\n\n### Exclude Dev Dependencies\n\nIf you would like to exclude dev dependencies from the vulnerability scanning, you may use the `--no-dev` option (defaults to false):\n\n```bash\nphp security-checker security:check /path/to/composer.lock --no-dev\n```\n\n### Allow vulnerabilities\n\nIf you would like to exclude some vulnerabilities, you may use the `--allow-list` option by passing the CVE identifier, or the CVE title. You can pass multiple values as well:\n\n```bash\nphp security-checker security:check /path/to/composer.lock --allow-list CVE-2018-15133 --allow-list \"untrusted X-XSRF-TOKEN value\"\n```\n\nDo not forget to wrap the title in quotes.\n\n### Custom Directory for Caching Advisories Database\n\nBy default, the `SecurityChecker` API and the `security:check` command use the directory returned by the `sys_get_temp_dir` PHP function for storing the cached advisories database. If you wish to modify the directory, you may use the `--temp-dir` option:\n\n```bash\nphp security-checker security:check /path/to/composer.lock --temp-dir=/tmp\n```\n\n## API\n\nYou may also use the API directly in your own code like so:\n\n```php\nuse Enlightn\\SecurityChecker\\SecurityChecker;\n\n$result = (new SecurityChecker)-\u003echeck('/path/to/composer.lock');\n```\n\nThe result above is an associative array. The key is the package name and the value is an array of vulnerabilities based on your package version. An example of the JSON encoded version is as below:\n\n```json\n{\n  \"laravel/framework\": {\n    \"version\": \"8.22.0\",\n    \"time\": \"2021-01-13T13:37:56+00:00\",\n    \"advisories\": [{\n      \"title\": \"Unexpected bindings in QueryBuilder\",\n      \"link\": \"https://blog.laravel.com/security-laravel-62011-7302-8221-released\",\n      \"cve\": null\n    }]\n  }\n}\n```\n\n## Contribution Guide\n\nThank you for considering contributing to the Enlightn security-checker project! The contribution guide can be found [here](https://www.laravel-enlightn.com/docs/getting-started/contribution-guide.html).\n\n## License\n\nThe Enlightn security checker is licensed under the [MIT license](LICENSE.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenlightn%2Fsecurity-checker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fenlightn%2Fsecurity-checker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenlightn%2Fsecurity-checker/lists"}