Amsterdam Nov. 21-23, 2019
Paris (France) March 28-29, 2019
Tunis (Tunisia) April 27, 2019
São Paulo (Brazil) May 16-17, 2019
Warszawa (Poland) June 13-14, 2019
London (UK) Sep. 13, 2019
Berlin (Germany) Sep. 24-27, 2019
New York (USA) Q4, 2019
  1. Home
  2. Documentation
  3. Security
  4. How to Check for Known Security Vulnerabilities in Your Dependencies
WARNING: You are browsing the documentation for Symfony 4.1 which is not maintained anymore. Consider upgrading your projects to Symfony 4.2.

How to Check for Known Security Vulnerabilities in Your Dependencies

4.1 version
Maintained
3.4 4.2 current 4.3 master
Unmaintained
2.7 2.8 3.0 3.1 3.2 3.3 4.0

How to Check for Known Security Vulnerabilities in Your Dependencies

When using lots of dependencies in your Symfony projects, some of them may contain security vulnerabilities. That's why Symfony provides a command called security:check that checks your composer.lock file to find any known security vulnerability in your installed dependencies.

First, install the security checker in your project:

1
$ composer require sensiolabs/security-checker

Then run this command:

1
$ php bin/console security:check

A good security practice is to execute this command regularly to be able to update or replace compromised dependencies as soon as possible. Internally, this command uses the public security advisories database published by the FriendsOfPHP organization.

Tip

The security:check command terminates with a non-zero exit code if any of your dependencies is affected by a known security vulnerability. This allows you to add it to your project build process and your continuous integration workflows.

Tip

The security checker is also available as an independent console application and distributed as a PHAR file so you can use it in any PHP application. Check out the Security Checker repository for more details.

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.