SensioLabs Security Checker

Author(s): Fabien Potencier
Company: SensioLabs
Website: https://security.sensiolabs.org/
License: MIT License
Demo: https://security.sensiolabs.org/check
GitHub: sensiolabs/security-checker
Packagist: sensiolabs/security-checker
DockerHub: phpqa/security-checker


SensioLabs Security Checker is a command line tool that checks if your application uses dependencies with known security vulnerabilities.

This tool is backed by the SensioLabs Security Check Web service and the PHP Security Advisories Database.

Usage

Checking your composer.lock file can be done in several ways:

  • Upload your composer.lock file on https://security.sensiolabs.org/;

  • Use it as a CLI tool:

    php security-checker security:check /path/to/composer.lock

  • Use the web service with curl:

    curl -H "Accept: text/plain" https://security.sensiolabs.org/check_lock -F lock=@/path/to/composer.lock

    It returns all vulnerabilities detected in your dependencies as plain text. You can also retrieve the same information as JSON:

    curl -H "Accept: application/json" https://security.sensiolabs.org/check_lock -F lock=@/path/to/composer.lock
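As an added example (not code from the security-checker project), the following Python script wraps the web-service call described above in a CI gate: it posts composer.lock to the check_lock endpoint the same way the curl command does, flattens the JSON report, and exits non-zero whenever any advisory is present, so a build can fail on a vulnerable dependency. The form field name lock comes from the curl invocation; the response layout the parser expects (one entry per package with its version and an advisories map whose items carry title, link and cve) is an assumption about the service's JSON output, and summarize() is the one function to adapt if that layout differs. The sample report embedded in the block is constructed for illustration, with an invented package name and a placeholder CVE id.

```python
"""CI gate around the SensioLabs Security Checker web service (added example).

Posts a composer.lock to the check_lock endpoint, as the README's curl command
does, and turns the JSON response into a pass/fail decision for a build.
The JSON layout handled in summarize() is an assumption about the service's
output format, not something the README states.
"""
import json
import sys
import urllib.request
import uuid

CHECK_URL = "https://security.sensiolabs.org/check_lock"


def build_multipart(field, filename, content):
    """Build a single-file multipart/form-data body (what curl -F sends)."""
    boundary = uuid.uuid4().hex
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
    ).encode()
    tail = f"\r\n--{boundary}--\r\n".encode()
    return f"multipart/form-data; boundary={boundary}", head + content + tail


def fetch_report(lock_path, url=CHECK_URL):
    """Upload the lock file in field 'lock' and return the parsed JSON report."""
    with open(lock_path, "rb") as fh:
        content_type, body = build_multipart("lock", "composer.lock", fh.read())
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Accept": "application/json", "Content-Type": content_type},
    )
    # urllib verifies the server certificate by default; keep the HTTPS URL.
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarize(report):
    """Flatten the report into (package, version, cve-or-title, link) rows.

    Assumed layout: {package: {"version": str, "advisories": {id: {...}}}}.
    """
    rows = []
    for package, info in sorted(report.items()):
        for advisory in info.get("advisories", {}).values():
            ident = advisory.get("cve") or advisory.get("title", "untitled")
            rows.append((package, info.get("version", "?"), ident,
                         advisory.get("link", "")))
    return rows


def gate(report):
    """Exit status for CI: 0 when the report is clean, 1 when any advisory hits."""
    return 1 if summarize(report) else 0


# Constructed sample of a JSON-mode response for a lock file with one
# vulnerable package. Shape assumed; package, link and CVE id are placeholders.
SAMPLE_REPORT = json.loads("""{
  "acme/widget": {
    "version": "1.2.0",
    "advisories": {
      "acme/widget/2017-01-01.yaml": {
        "title": "Remote code execution in template loader",
        "link": "https://example.invalid/advisory",
        "cve": "CVE-0000-0000"
      }
    }
  }
}""")

if __name__ == "__main__":
    # Usage: python check_gate.py /path/to/composer.lock
    # Without an argument the constructed sample report is evaluated offline.
    report = fetch_report(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_REPORT
    for pkg, ver, ident, link in summarize(report):
        print(f"{pkg} {ver}: {ident} {link}")
    sys.exit(gate(report))
```

Run it with the path to a composer.lock in a CI step; the non-zero exit status is what makes the pipeline stop, and the printed rows give the package, version and advisory identifier to act on. The gate deliberately treats any advisory as a failure rather than filtering by severity, since the report carries no severity field to filter on.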

Installation

Install from a PHP Archive (with curl or wget)

The PHPUnit documentation has a clear manual on how to install PHARs on Windows.

If you have the Suhosin extension enabled, make sure to allow the execution of PHARs in your php.ini:

    suhosin.executor.include.whitelist = phar

Locally (No HTTPS)

The download URLs in both sections below are plain HTTP, so the archive is not protected against tampering in transit; fetch it over a channel you trust, or compare it against a checksum published by the project, before executing it.

Download it:

    wget -O security-checker.phar http://get.sensiolabs.org/security-checker.phar

or

    curl -sSL http://get.sensiolabs.org/security-checker.phar -o security-checker.phar

Use it:

    php security-checker.phar

Globally (No HTTPS)

Download it:

    wget -O security-checker.phar http://get.sensiolabs.org/security-checker.phar

or

    curl -sSL http://get.sensiolabs.org/security-checker.phar -o security-checker.phar

Install it as an executable:

    chmod a+x security-checker.phar
    sudo mv security-checker.phar /usr/local/bin/security-checker

Use it:

    security-checker