bitexpert/phing-securitychecker

v0.3.1 2017-05-26 08:53 UTC

README

A Phing task for interacting with the SensioLabs Security Advisories Checker to check if your application uses dependencies with known security vulnerabilities.

Build Status Dependency Status Coverage Status

Installation

The preferred way of installing bitexpert/phing-securitychecker is through Composer. Add bitexpert/phing-securitychecker as a dependency to composer.json:

composer.phar require bitexpert/phing-securitychecker

Example

Import the default build.xml to let Phing know about the Security Checker task:

    <import file="vendor/bitexpert/phing-securitychecker/build.xml" />

If you imported the default build.xml, you are able to define the lock file path as well the as the webservice endpoint by defining two properties in your main build.xml file:

    <property name="securitychecker.lockfile" value="composer.lock" />
    <property name="securitychecker.endpoint" value="https://security.sensiolabs.org/check_lock" />

Or define the securitychecker task on your own:

     <taskdef name="securitychecker" classname="bitExpert\Phing\SecurityChecker\SecurityCheckerTask" />

Call the task from your build target:

    <securitychecker lockfile="composer.lock" />

License

phing-securitychecker is released under the Apache 2.0 license.