sts-gaming-group / athena
Security library that provides an additional layer of functionality over the composer audit, specifically tailored for managing ignored advisories.
Requires
- php: >=8.1
- composer/composer: ^2.7
- symfony/console: >=6.2
Requires (Dev)
- phpunit/phpunit: ^10.1
- squizlabs/php_codesniffer: ^3.7
This package is auto-updated.
Last update: 2024-12-13 12:49:20 UTC
README
Athena-PHP is a security library that provides an additional layer of functionality over the composer audit, specifically tailored for managing ignored advisories.
Installation
Use composer to install Athena-PHP.
composer require sts-gaming-group/athena
Usage
Athena-PHP can be easily accessed through the vendor binaries:
php vendor/bin/athena
Ignoring Advisories
To ignore advisories, Athena-PHP utilizes a .cveignore
file. This file should be created and maintained by the user.
The structure of the .cveignore
file is as follows:
{ "PKSA-hn62-zkx4-1y5q": { "expiry": 1653908558, "notes": "Test notes" }, "PKSA-8ds9-sp96-ghmb": { "expiry": 1704074400, "notes": "Test notes" } }
Each advisory to be ignored is represented by a JSON object. The key is the identifier of the advisory, and it contains an expiry
(UNIX timestamp) indicating when the ignore will cease to be effective, and notes
for any additional context or information.
Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.