How to Check for Known Security Vulnerabilities in Your Dependencies
How to Check for Known Security Vulnerabilities in Your Dependencies¶
When using lots of dependencies in your Symfony projects, some of them may
contain security vulnerabilities. That’s why Symfony includes a command called
security:check that checks your composer.lock file to find any known
security vulnerability in your installed dependencies:
1 | $ php bin/console security:check
|
A good security practice is to execute this command regularly to be able to update or replace compromised dependencies as soon as possible. Internally, this command uses the public security advisories database published by the FriendsOfPHP organization.
Tip
The security:check command terminates with a non-zero exit code if
any of your dependencies is affected by a known security vulnerability.
Therefore, you can easily integrate it in your build process.
Note
To enable the security:check command, make sure the
SensioDistributionBundle is installed and enabled in your application.
This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.