sts-gaming-group/athena

Security library that provides an additional layer of functionality over the composer audit, specifically tailored for managing ignored advisories.

Maintainers

Details

github.com/sts-gaming-group/athena-php

Source

Issues

Installs: 262

Dependents: 0

Suggesters: 0

Security: 0

Stars: 2

Watchers: 2

Forks: 0

Open Issues: 0

1.0.4 2024-05-13 11:36 UTC

Requires

Requires (Dev)

MIT c454e80299c2c85231db15cc21dfae8d0ff00aa7

  • Marcin Worwa <marcin.worwa.woop@sts.pl>

securityAudit

This package is auto-updated.

Last update: 2024-11-13 12:44:33 UTC

README

Athena-PHP is a security library that provides an additional layer of functionality over the composer audit, specifically tailored for managing ignored advisories.

Installation

Use composer to install Athena-PHP.

composer require sts-gaming-group/athena

Usage

Athena-PHP can be easily accessed through the vendor binaries:

php vendor/bin/athena

Ignoring Advisories

To ignore advisories, Athena-PHP utilizes a .cveignore file. This file should be created and maintained by the user.

The structure of the .cveignore file is as follows:

{
    "PKSA-hn62-zkx4-1y5q": {
        "expiry": 1653908558,
        "notes": "Test notes"
    },
    "PKSA-8ds9-sp96-ghmb": {
        "expiry": 1704074400,
        "notes": "Test notes"
    }
}

Each advisory to be ignored is represented by a JSON object. The key is the identifier of the advisory, and it contains an expiry (UNIX timestamp) indicating when the ignore will cease to be effective, and notes for any additional context or information.

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

License

MIT