notfloran/phing-composer-security-checker

Phing task that use Sensio Security Advisories Checker to checks if your application uses dependencies with known security vulnerabilities.

v1.0.0 2014-04-12 18:31 UTC

README

Packagist Packagist

A Phing task that use Sensio Security Advisories Checker to checks if your application uses dependencies with known security vulnerabilities.

Installation

The preferred way of installation is through Composer. Add notfloran/phing-composer-security-checker as a requirement to composer.json:

{
    "require": {
        "notfloran/phing-composer-security-checker": "~1.0"
    }
}

Example

Let Phing know about the Security Checker task:

    <taskdef name="security-checker" classname="notFloran\SecurityChecker\PhingTask" />

Then :

    <security-checker />

Or :

    <security-checker file="/var/www/symfony/composer.lock" />

With all attributes :

    <security-checker file="/var/www/symfony/composer.lock"  haltOnError="false" format="text" outputProperty="alerts" />
    <echo msg="Alerts : ${alerts} ..." />

Attributes :

  • file : path to the composer.lock file (default: composer.lock)
  • haltOnError : indicate if an exception is thrown or not when vulnerabilities are detected (default: true)
  • format : format of the list of vulnerabilities (json or text) (default: text)
  • outputProperty : property name to set with output value

License

phing-composer-security-checker is released under the MIT public license.