Introducing Symfony Security Monitoring
Security is the hardest part of most applications. Even if you follow the latest best practices about security in your own code, there's still the issue of inspecting the third-party code of the dependencies used in your projects.
You can't review every single line of external code used in your application. That's why we've created Symfony Security Monitoring, a service that checks your dependencies continuously for known security vulnerabilities and it's compatible with any PHP project that uses Composer.
The service is simple to use: upload the contents of your
file and we'll start monitoring those packages and those exact versions
continuously to alert you as soon as a vulnerability is disclosed for them.
This continuous security monitoring is better than checking your dependencies automatically on your continuous integration platform. Instead of checking for vulnerabilities when building or deploying the project, we check them 24 hours a day, every day.
This service is also great for projects that you don't work on anymore or with a low maintenance. In those cases, continuous integration is not interesting anymore, and it's useful to have instead a bot that alerts you whenever a new vulnerability is discovered and impacts your project.
The pricing of the service is simple too. Instead of a monthly subscription, the service charges you once for three years of unlimited alerts and security checks for one project. The equivalent monthly price is as low as 2 euros.
This is another way to help Symfony¶
The service on its own is useful for lots of freelancers, agencies and tech companies, but there's another compelling reason to use it: revenues generated by this service fund the development of Open-Source projects like Symfony and Twig.
The Symfony project is lucky to have a very committed community. Out of the 25 million active GitHub repositories, Symfony is the 9th repository with most reviews. However, lots of people ask us how they can give something back to Symfony without contributing code.
Subscribing to Symfony Security Monitoring is the simplest way to contribute to Symfony: you get a valuable service and, at the same time, you are funding the development of Symfony. That's why we made the pricing of the service flexible, so you can decide how much you want to help Symfony.