How to Check for Known Security Vulnerabilities in Your Dependencies

3.4 version
Unmaintained

When using lots of dependencies in your Symfony projects, some of them may contain security vulnerabilities. That's why the Symfony local server includes a command called check:security that checks your composer.lock file to find known security vulnerabilities in your installed dependencies:

$ symfony check:security

A good security practice is to execute this command regularly to be able to update or replace compromised dependencies as soon as possible. The security check is done locally by cloning the security advisories database published by the FriendsOfPHP organization, so your composer.lock file is not sent on the network.

Tip

The check:security command terminates with a non-zero exit code if any of your dependencies is affected by a known security vulnerability. This way you can add it to your project build process and your continuous integration workflows to make them fail when there are vulnerabilities.
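To illustrate what a local check of composer.lock involves, the following is an added example (not Symfony's code and not part of the original page): a simplified Python model that matches locked package versions against advisory version constraints and derives the exit code a build would see. The package names, advisory entries and the advisory structure used here are constructed assumptions for illustration.

```python
import json
import re

# Constructed composer.lock excerpt (only the fields this check reads).
LOCK = json.dumps({
    "packages": [{"name": "acme/widget", "version": "v2.0.3"},
                 {"name": "acme/mailer", "version": "1.4.0"}],
    "packages-dev": [{"name": "acme/debug-bar", "version": "3.1.0"}],
})

# Constructed advisories (assumed structure, one entry per package issue): a
# package is affected if ALL constraints of ANY listed branch match.
ADVISORIES = [
    {"reference": "composer://acme/widget", "title": "Constructed advisory A",
     "branches": {"2.0.x": {"versions": [">=2.0.0", "<2.0.5"]},
                  "1.x": {"versions": ["<1.9.2"]}}},
    {"reference": "composer://acme/mailer", "title": "Constructed advisory B",
     "branches": {"1.x": {"versions": [">=1.0.0", "<1.3.7"]}}},
]

OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b, "==": lambda a, b: a == b,
       ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}

def parse_version(text):
    """'v2.0.3' -> (2, 0, 3). Returns None for dev/pre-release strings."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad "2.1" to (2, 1, 0)

def satisfies(version, constraint):
    op, bound = re.fullmatch(r"(<=|>=|==|<|>)\s*(.+)", constraint).groups()
    return OPS[op](version, parse_version(bound))

def audit(lock_text, advisories):
    lock = json.loads(lock_text)
    findings = []  # (package, locked version, advisory title)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        version = parse_version(pkg["version"])
        for adv in advisories:
            if version is None or adv["reference"] != "composer://" + pkg["name"]:
                continue  # simplification: unparsable versions are skipped
            if any(all(satisfies(version, c) for c in branch["versions"])
                   for branch in adv["branches"].values()):
                findings.append((pkg["name"], pkg["version"], adv["title"]))
    return findings

def exit_code(findings):
    return 1 if findings else 0  # non-zero makes the build or CI job fail
```

Everything runs against local data, which mirrors why the lock file never has to leave the machine.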

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.