Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/fancyguy/composer-security-check-plugin
Security check plugin for composer
https://github.com/fancyguy/composer-security-check-plugin
composer composer-plugin php security security-advisories
Last synced: 3 months ago
JSON representation
Security check plugin for composer
- Host: GitHub
- URL: https://github.com/fancyguy/composer-security-check-plugin
- Owner: fancyguy
- License: mit
- Created: 2018-06-08T11:46:48.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2020-10-26T14:21:40.000Z (about 4 years ago)
- Last Synced: 2024-09-30T08:04:09.856Z (3 months ago)
- Topics: composer, composer-plugin, php, security, security-advisories
- Language: PHP
- Homepage:
- Size: 43.9 KB
- Stars: 7
- Watchers: 2
- Forks: 4
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Security Check Plugin for Composer
For global install:
composer global require fancyguy/composer-security-check-plugin
For project install:
composer require fancyguy/composer-security-check-plugin
Run these commands to see some sample behavior:
mkdir insecure-project
cd insecure-project
composer init --name="insecure/project" --description="insecure project" -l MIT -n
composer require symfony/symfony:2.5.2
composer require fancyguy/composer-security-check-plugin
composer audit
composer audit --format=simple
composer audit --format=json
composer validate
composer require symfony/symfony --update-with-all-dependencies
composer auditBy default this tool uploads your `composer.lock` file to the [security.symfony.com](https://security.symfony.com/) webservice which uses the checks from https://github.com/FriendsOfPHP/security-advisories.
You can check offline by downloading a local version of this [repo](https://github.com/FriendsOfPHP/security-advisories) and specify its path using:
composer audit --audit-db /path/to/security-advisories
Inspired on: https://github.com/sensiolabs/security-checker
Alternative: https://github.com/Roave/SecurityAdvisories