Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/fabpot/local-php-security-checker
PHP security vulnerabilities checker
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/fabpot/local-php-security-checker
- Owner: fabpot
- License: agpl-3.0
- Archived: true
- Created: 2021-01-15T07:02:07.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2024-08-02T14:20:08.000Z (4 months ago)
- Last Synced: 2024-09-26T08:38:44.336Z (3 months ago)
- Topics: composer, packagist, php, security
- Language: Go
- Homepage: https://github.com/FriendsOfPHP/security-advisories
- Size: 87.9 KB
- Stars: 1,173
- Watchers: 29
- Forks: 77
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Security: security/advisories.go
Awesome Lists containing this project
- DevSecOps - https://github.com/fabpot/local-php-security-checker (OSS and Dependency management)
- awesome-sca - Local PHP Security Checker
README
Local PHP Security Checker
==========================

**WARNING**: This repository is now archived. Use `composer audit` instead:

    COMPOSER_AUDIT_ABANDONED=ignore composer audit

The Local PHP Security Checker is a command line tool that checks if your PHP
application depends on PHP packages with known security vulnerabilities. It
uses the [Security Advisories Database][1] behind the scenes.

Download a binary from the [Releases page on GitHub][2], rename it to
`local-php-security-checker` and make it executable.

From a directory containing a PHP project that uses Composer, check for known
vulnerabilities by running the binary without arguments or flags:

    $ local-php-security-checker

You can also pass a `--path` to check a specific directory:

    $ local-php-security-checker --path=/path/to/php/project
    $ local-php-security-checker --path=/path/to/php/project/composer.lock

By default, the output is optimized for terminals; change it via the `--format`
flag (supported formats: `ansi`, `markdown`, `json`, `junit`, and `yaml`):

    $ local-php-security-checker --format=json

All packages are checked for security vulnerabilities by default. You can skip
the checks for packages listed in `require-dev` by passing the `--no-dev` flag:

    $ local-php-security-checker --no-dev

When running the command, it checks for an updated vulnerability database and
downloads it from GitHub if it changed since the last run. If you want to avoid
the HTTP round-trip, use `--local`. To force a database update without checking
for a project, use `--update-cache`.

If you want to continuously check for security issues on your applications in
production, you can use this tool in combination with [croncape][3] to get an
email whenever a new security issue is detected:

    [email protected]
    50 23 * * * croncape php-security-checker --path=/path/to/php/project

This tool returns the following codes:

| Code | Actions |
|------|---------|
| 0    | `--help`<br>Successful run |
| 1    | At least one vulnerability is found |
| 2    | Invalid `--format` option |
| 127  | Unable to load database<br>Unable to find lock file<br>GitHub output not available |

[1]: https://github.com/FriendsOfPHP/security-advisories
[2]: https://github.com/fabpot/local-php-security-checker/releases
[3]: https://github.com/symfonycorp/croncape
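
An added example, not part of the project's README: a POSIX shell gate for cron or CI that treats only exit code 0 as a pass, so the 2 and 127 cases in the table above (and a missing binary, which the shell also reports as 127) fail the job instead of being read as "no findings". The function names, the `CHECKER` variable, the report file name and the gate's own return code 3 are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed gate around the checker's documented exit codes.
# CHECKER is an assumed override hook; it defaults to the renamed binary.
CHECKER="${CHECKER:-local-php-security-checker}"

# Map an exit code from the README table to a verdict string.
classify_exit() {
    case "$1" in
        0)   echo clean ;;        # successful run (or --help)
        1)   echo vulnerable ;;   # at least one vulnerability found
        2)   echo usage-error ;;  # invalid --format option
        127) echo scan-failed ;;  # no database / no lock file; also the
                                  # shell's own "command not found" code
        *)   echo unknown ;;
    esac
}

# Run the checker on a project directory and gate on the verdict.
# Returns 0 only when the scan ran and reported nothing,
# 1 when vulnerabilities were reported,
# 3 (assumed value) when the scan itself did not complete.
audit_gate() {
    project="$1"
    report="${2:-security-report.json}"
    code=0
    # "|| code=$?" keeps the exit code even when the caller uses "set -e".
    "$CHECKER" --path="$project" --format=json > "$report" || code=$?
    verdict=$(classify_exit "$code")
    case "$verdict" in
        clean)
            return 0 ;;
        vulnerable)
            echo "known vulnerabilities reported; see $report" >&2
            return 1 ;;
        *)
            echo "scan did not complete ($verdict, exit $code)" >&2
            return 3 ;;
    esac
}
```

Call it as `audit_gate /path/to/php/project` and let the job fail on any non-zero return.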