notfloran/phing-composer-security-checker

Phing task that use Sensio Security Advisories Checker to checks if your application uses dependencies with known security vulnerabilities.

Maintainers

Details

github.com/notFloran/phing-composer-security-checker

Homepage

Source

Issues

Installs: 909

Dependents: 0

Suggesters: 0

Security: 0

Stars: 6

Watchers: 3

Forks: 0

Open Issues: 0

v1.0.0 2014-04-12 18:31 UTC

Requires

MIT 0ecb548c17c224e9079bd6c333c345fda055307a

  • Floran Brutel <contact.woop@floran.fr>

securitycomposerphing

This package is auto-updated.

Last update: 2024-04-17 08:40:18 UTC

README

Packagist Packagist

A Phing task that use Sensio Security Advisories Checker to checks if your application uses dependencies with known security vulnerabilities.

Installation

The preferred way of installation is through Composer. Add notfloran/phing-composer-security-checker as a requirement to composer.json:

{
    "require": {
        "notfloran/phing-composer-security-checker": "~1.0"
    }
}

Example

Let Phing know about the Security Checker task:

    <taskdef name="security-checker" classname="notFloran\SecurityChecker\PhingTask" />

Then :

    <security-checker />

Or :

    <security-checker file="/var/www/symfony/composer.lock" />

With all attributes :

    <security-checker file="/var/www/symfony/composer.lock"  haltOnError="false" format="text" outputProperty="alerts" />
    <echo msg="Alerts : ${alerts} ..." />

Attributes :

  • file : path to the composer.lock file (default: composer.lock)
  • haltOnError : indicate if an exception is thrown or not when vulnerabilities are detected (default: true)
  • format : format of the list of vulnerabilities (json or text) (default: text)
  • outputProperty : property name to set with output value

License

phing-composer-security-checker is released under the MIT public license.