You are browsing the Symfony 4 documentation, which changes significantly from Symfony 3.x. If your app doesn't use Symfony 4 yet, browse the Symfony 3.4 documentation.

How to Check for Known Security Vulnerabilities in Your Dependencies

How to Check for Known Security Vulnerabilities in Your DependenciesΒΆ

When using lots of dependencies in your Symfony projects, some of them may contain security vulnerabilities. That's why Symfony provides a command called security:check that checks your composer.lock file to find any known security vulnerability in your installed dependencies.

First, install the security checker in your project:

$ composer require security-checker

Then run this command:

$ php bin/console security:check

A good security practice is to execute this command regularly to be able to update or replace compromised dependencies as soon as possible. Internally, this command uses the public security advisories database published by the FriendsOfPHP organization.


The security:check command terminates with a non-zero exit code if any of your dependencies is affected by a known security vulnerability. Therefore, you can easily integrate it in your build process.

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.