element119/module-sansec-composer-integrity-checker

A Magento 2 module wrapper for the Sansec Composer Integrity plugin.

1.2.0 2023-05-18 00:18 UTC

This package is auto-updated.

Last update: 2024-11-18 04:16:52 UTC


README

📝 Features

✔️ Identify potentially unwanted changes made to your project dependencies using the Sansec Composer integrity plugin

✔️ Scan files automatically via cron or as a manual admin action

✔️ Email and admin notifications for packages that do not meet your desired integrity rating

✔️ Configure a safe list to reduce the noise generated by the scanner

✔️ Supports Magento Open Source and Adobe Commerce

✔️ Theme agnostic

✔️ Dedicated module configuration section secured with custom admin user controls

✔️ Seamless integration with Magento

✔️ Built with developers and extensibility in mind to make customisations as easy as possible

✔️ Installable via Composer


🔌 Installation

Run the following command to install this module:

composer require element119/module-sansec-composer-integrity-checker
php bin/magento setup:upgrade

Post-Installation Steps

It is also recommended that you enable the scans and lock the related config value:

php bin/magento config:set --lock-config system/sansec_composer_integrity_checker/scan_enable 1

⏫ Updating

Run the following command to update this module:

composer update element119/module-sansec-composer-integrity-checker
php bin/magento setup:upgrade

❌ Uninstallation

Run the following command to uninstall this module:

composer remove element119/module-sansec-composer-integrity-checker
php bin/magento setup:upgrade

📚 User Guide

Configuration for this module can be found in the Magento admin under Stores -> Settings -> Configuration -> Advanced -> System -> Sansec Composer Integrity Checker


Scan Results Grid

The results of the most recent scan can be seen in the admin by navigating to Reports -> Sansec Composer Integrity Checker -> Integrity Status.


Enable/Disable Scanning

The Sansec Composer integrity scan can be disabled by setting this option to No. This is set to Yes by default.


Match Percentage Threshold for Notification

The value specified here determines the minimum match percentage required for the integrity checks to be considered sucessful. Admins will be notified of any packages that fail to meet this number via a warning and email notifications will be sent if enabled.


Only Show Failures in Admin Grid

Determines whether to only show packages that have failed to meet the match threshold in the admin grid. This feature is disabled by default but can be enabled by setting this option to Yes.


Report Integrity Failures by Email

Allow emails to be sent when the Sansec Composer integrity checker finds discrepancies with your dependency files. This feature is disabled by default but can be enabled by setting this option to Yes. Once enabled you will be able to configure a threshold for dependency matching as well as a list of email address to notify when a failure occurs.


Report Errors To

This option is only considered when integrity failure emails are enabled. These dynamic rows allow you to configure a series of email addresses that should be notified when packages fail to meet the configured threshold.


Enable Package Ignore List

Allows specified packages to be removed from various reporting channels. This feature is disabled by default but can be enabled by setting this option to Yes.


Ignored Packages

This option is only considered when the package ignore list is enabled. These dynamic rows allow you to configure a set of packages that should be ignored for various reporting channels. The values expected here are the Composer package names in the format vendor/package-name.


Remove Ignored Packages from Admin Grid

This option is only considered when the package ignore list is enabled. This feature is disabled by default but can be enabled by setting this option to Yes. When enabled, ignored packages will be removed from the admin grid.


Remove Ignored Packages from Admin Notifications

This option is only considered when the package ignore list is enabled. This feature is disabled by default but can be enabled by setting this option to Yes. When enabled, ignored packages will not be considered when determining whether to display the admin notification and the number of packages it reports as having failed to meet the threshold.


Remove Ignored Packages from Email Notifications

This option is only considered when email notifications are enabled and when the package ignore list is enabled. This feature is disabled by default but can be enabled by setting this option to Yes. When enabled, ignored packages will be removed from email notifications.


📸 Screenshots & GIFs

Admin Configuration

admin-config


Admin Grid

admin-grid


Admin Notification

admin-notification


Example Email Notification

email-example