SensioLabs Security Checker

(( gitHubWatchers )) (( gitHubStars )) (( gitHubForks ))

SensioLabs Security Checker is a command line tool that checks if your application uses dependencies with known security vulnerabilities.

This tool is backed by the SensioLabs Security Check Web service and the PHP Security Advisories Database.

Usage

Checking your composer file can be done in several ways:

  • Upload your composer.lock file on ;

  • Use it as a CLI tool:

    php security-checker security:check /path/to/composer.lock

  • Use the web service with curl:

    curl -H "Accept: text/plain" https://security.sensiolabs.org/check_lock -F [email protected]/path/to/composer.lock

    It will return all vulnerabilities detected in your dependencies in plain text. You can also retrieve the information in the JSON format:

    curl -H "Accept: application/json" https://security.sensiolabs.org/check_lock -F [email protected]/path/to/composer.lock

Installation

Install from a PHP Archive (with curl or wget)

The PHPUnit documentation has a clear manual on how to install PHARs on Windows.

If you have the Suhosin extension enabled, make sure to allow the execution of PHARs in your php.ini:
suhosin.executor.include.whitelist = phar

Locally (No HTTPS)

Download it:
wget -O security-checker.phar http://get.sensiolabs.org/security-checker.phar
or
curl -sSL http://get.sensiolabs.org/security-checker.phar -o security-checker.phar
Use it:
php security-checker.phar

Globally (No HTTPS)

Download it:
wget -O security-checker.phar http://get.sensiolabs.org/security-checker.phar
or
curl -sSL http://get.sensiolabs.org/security-checker.phar -o security-checker.phar
Install it as an executable:
chmod a+x security-checker.phar
sudo mv security-checker.phar /usr/local/bin/security-checker
Use it:
security-checker