Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/bringyourownideas/silverstripe-composer-security-checker
Provides information if your SilverStripe application uses dependencies with known vulnerabilities.
composer silverstripe silverstripe-maintenance vulnerabilities
- Host: GitHub
- URL: https://github.com/bringyourownideas/silverstripe-composer-security-checker
- Owner: bringyourownideas
- License: bsd-3-clause
- Created: 2015-08-03T11:52:54.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2023-06-21T21:05:22.000Z (over 1 year ago)
- Last Synced: 2024-09-28T08:41:32.313Z (3 months ago)
- Topics: composer, silverstripe, silverstripe-maintenance, vulnerabilities
- Language: PHP
- Homepage: https://bringyourownideas.com
- Size: 107 KB
- Stars: 9
- Watchers: 3
- Forks: 6
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: license.md
README
# SilverStripe Security Checker
**WARNING**: As of January 2021, this module no longer works because the underlying service has been shut down (see [announcement](https://github.com/sensiolabs/security-checker) and [discussion](https://github.com/bringyourownideas/silverstripe-composer-security-checker/issues/57)).
__NOTE__: This module is no longer commercially supported in Silverstripe CMS 5 and it does not provide a CMS5-compatible version.
[![Build Status](https://api.travis-ci.org/bringyourownideas/silverstripe-composer-security-checker.svg?branch=master)](https://travis-ci.org/bringyourownideas/silverstripe-composer-security-checker)
[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/bringyourownideas/silverstripe-composer-security-checker/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/bringyourownideas/silverstripe-composer-security-checker/?branch=master)
[![codecov](https://codecov.io/gh/bringyourownideas/silverstripe-composer-security-checker/branch/master/graph/badge.svg)](https://codecov.io/gh/bringyourownideas/silverstripe-composer-security-checker)

Adds a task which checks whether any of the dependencies has known security vulnerabilities. It uses the
[SensioLabs Security Check Web service](http://security.sensiolabs.org/) and the [Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories).

BSD 3-clause [License](https://github.com/bringyourownideas/silverstripe-composer-security-checker/blob/master/license.md)
## Requirements
* SilverStripe Framework ^4
* SilverStripe QueuedJobs ^4

### Suggested Module
This module will automatically amend the SiteSummary report provided by the [SilverStripe Maintenance module](https://github.com/bringyourownideas/silverstripe-maintenance), adding alerts if security updates are present for installed modules.
## Installation
The following installation commands include scheduling a queued job to populate the data. Run the following commands to install this package as a development dependency:
```
composer require bringyourownideas/silverstripe-composer-security-checker 2.x-dev
vendor/bin/sake dev/build
vendor/bin/sake dev/tasks/ProcessJobQueueTask
```

## Usage
The information is updated via a BuildTask, which in turn can be run via a queued job.
You will need to set up a scheduled process (e.g. `cron`) to run either the BuildTask directly, or the task that processes the queued jobs queue, in order to refresh the information.

The information is stored in the `SecurityAlert` object, and can be consumed as needed. Please be careful how you expose this information. If the SilverStripe Maintenance module is present, a relationship will be connected between `Package` and `SecurityAlert`.
## Documentation
Please see the user guide section of the [SilverStripe Maintenance module](https://github.com/bringyourownideas/silverstripe-maintenance/tree/1/docs/en/userguide).