SensioLabs Security Checker
SensioLabs Security Checker is a command line tool that checks if your application uses dependencies with known security vulnerabilities.
This tool is backed by the Symfony Security Monitoring service and the PHP Security Advisories Database.
Usage
Checking your composer file can be done in several ways:
- Use it as a CLI tool:
  php checker security:check /path/to/composer.lock
- Use the web service with curl:
  curl -H "Accept: text/plain" https://security.symfony.com/check_lock -F lock=@/path/to/composer.lock
  It will return all vulnerabilities detected in your dependencies in plain text. You can also retrieve the information in the JSON format:
  curl -H "Accept: application/json" https://security.symfony.com/check_lock -F lock=@/path/to/composer.lock
Installation
Install from a PHP Archive (with curl or wget)
The PHPUnit documentation has a clear manual on how to install PHARs on Windows.
If you have the Suhosin extension enabled, make sure to allow the execution of PHARs in your php.ini:
suhosin.executor.include.whitelist = phar
Locally (No HTTPS)
Download it:
wget -O security-checker.phar http://get.sensiolabs.org/security-checker.phar
or
curl -sSL http://get.sensiolabs.org/security-checker.phar -o security-checker.phar
Use it:
php security-checker.phar
Globally (No HTTPS)
Download it:
wget -O security-checker.phar http://get.sensiolabs.org/security-checker.phar
or
curl -sSL http://get.sensiolabs.org/security-checker.phar -o security-checker.phar
Install it as an executable:
chmod a+x security-checker.phar
sudo mv security-checker.phar /usr/local/bin/security-checker
Use it:
security-checker
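Both the local and the global install above fetch an executable PHAR over plain HTTP, so the bytes can be altered in transit before they are run or moved into /usr/local/bin. The following is an added example, not part of the project's documentation: a digest check to run between the download and install steps. The function names are hypothetical, and the pinned SHA-256 is assumed to come from a source you trust out of band, since this page does not publish one.

```shell
#!/bin/sh
# Added example (not from the project): pin a SHA-256 for security-checker.phar.

# Print the lowercase hex SHA-256 of a file, using whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_phar FILE EXPECTED_SHA256
# Returns 0 when the digest matches, 1 on mismatch, 2 on unusable input.
verify_phar() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Refuse an unfilled placeholder or truncated value instead of comparing it.
    case $expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest is not 64 chars" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file: got $actual" >&2
        return 1
    fi
}

# install_verified FILE EXPECTED_SHA256 DEST
# Copies FILE to DEST as an executable only when verification succeeds.
install_verified() {
    verify_phar "$1" "$2" || return $?
    install -m 0755 "$1" "$3"
}

# Intended use after the download step (digest is a placeholder, obtained out of band):
#   install_verified security-checker.phar "<pinned-sha256>" /usr/local/bin/security-checker
```

For the global install, run install_verified under sudo in place of the chmod and mv steps, so that an unverified file never reaches /usr/local/bin.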