A security checker for your composer.lock

v4.0.1 2017-02-18 17:53 UTC


The SensioLabs Security Checker is a command line tool that checks if your application uses dependencies with known security vulnerabilities. It uses the SensioLabs Security Check Web service and the Security Advisories Database.


Download the security-checker.phar file and run it against your lock file:

$ php security-checker.phar security:check /path/to/composer.lock

Use the code from the repository directly:

$ composer install
$ php security-checker security:check /path/to/composer.lock


The checker uses the Symfony Console component, so you can easily integrate it into your own project:

  • by using the SecurityCheckerCommand class in your Symfony Console application;

  • by using the SecurityChecker class directly in your own code:

    use SensioLabs\Security\SecurityChecker;

    // Check the lock file for dependencies with known security vulnerabilities
    $checker = new SecurityChecker();
    $alerts = $checker->check('/path/to/composer.lock');
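
The direct integration above can serve as a build gate. The script below is an added example, not code from the project. It assumes that check() returns an array keyed by package name with 'version' and 'advisories' entries; the formatAlerts() helper, the exit codes and the vendor/autoload.php location are choices made for this sketch.

```php
<?php
// CI gate around SecurityChecker::check() (added example, not project code).
// Assumption: check() returns an array keyed by package name; each entry has
// 'version' and 'advisories', and each advisory has 'title', 'cve', 'link'.
use SensioLabs\Security\SecurityChecker;

// Hypothetical helper: flatten the alert array into one line per advisory.
function formatAlerts(array $alerts)
{
    $lines = array();
    foreach ($alerts as $package => $info) {
        $version = isset($info['version']) ? $info['version'] : 'unknown';
        $advisories = isset($info['advisories']) ? $info['advisories'] : array();
        foreach ($advisories as $advisory) {
            $cve = !empty($advisory['cve']) ? $advisory['cve'] : 'no CVE';
            $title = isset($advisory['title']) ? $advisory['title'] : '(untitled)';
            $lines[] = sprintf('%s (%s): %s [%s]', $package, $version, $title, $cve);
        }
    }
    return $lines;
}

if (isset($argv[1])) {
    require __DIR__.'/vendor/autoload.php'; // assumed Composer autoloader path
    try {
        $alerts = (new SecurityChecker())->check($argv[1]);
    } catch (\Exception $e) {
        // Missing lock file or unreachable web service: fail closed, with a
        // distinct exit code so CI can tell "could not check" from "vulnerable".
        fwrite(STDERR, 'Security check failed: '.$e->getMessage()."\n");
        exit(2);
    }
} else {
    // Constructed sample data (placeholder names), used when no path is given.
    $alerts = array(
        'example/package' => array(
            'version' => '1.0.0',
            'advisories' => array(
                'example-advisory' => array('title' => 'Example advisory', 'cve' => '', 'link' => ''),
            ),
        ),
    );
}

$lines = formatAlerts($alerts);
echo $lines ? implode("\n", $lines)."\n" : '';
exit(count($lines) > 0 ? 1 : 0); // non-zero exit fails the build
```

Run it with the path to composer.lock as the first argument; without an argument it prints the constructed sample and exits with status 1.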