Cover of the book Symfony 5: The Fast Track

Symfony 5: The Fast Track is the best book to learn modern Symfony development, from zero to production. +300 pages showcasing Symfony with Docker, APIs, queues & async tasks, Webpack, SPAs, etc.

  1. Home
  2. Blog
  3. New in Symfony 2.6: The security:check command

New in Symfony 2.6: The security:check command

August 26, 2014 Avatar of Javier Eguiluz Javier Eguiluz

Warning: This post is about an unsupported Symfony version. Some of this information may be out of date. Read the most recent Symfony Docs.

Contributed by
Fabien Potencier
in #149.

Symfony 2.6 is going to be one of our most polished releases ever. As part of the DX initiative we are tweaking and simplifying each and every part of the framework, from the installer to the error pages.

In addition to these improvements, we are introducing some new features that are important for professional PHP development. One of those features is the new security:check command, which looks for known security vulnerabilities in your project's dependencies.

Using it is as simple as entering your project's directory and executing the following command:

1
$ php app/console security:check

This command looks for the composer.lock file of your project. Then it checks all the known vulnerabilities for the specific dependencies and versions that your project is using. If no problems are detected, you'll see the following message:

Symfony 2.6 Security Check (no error)

If there is any security problem with your dependencies, you'll see the following extended message which explains the exact vulnerability found for each dependency:

Symfony 2.6 Security Check (vulnerabilities found)

And for those of you with non-conventional project setups, the path for the composer.lock file is configurable. Just provide the absolute path of the file as the first argument of the command:

1
$ php app/console security:check /path/to/another/composer.lock

Internally, this command uses the SensioLabs Security Advisories Checker and the public database of vulnerabilities for PHP projects and libraries. Both services are open to the whole PHP community, and we encourage you to contribute security advisories for your own projects.

Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

New in Symfony 2.6: The security:check command symfony.com/index.php/blog/new-in-symfony-2-6-the-security-check-command

Tweet this

Comments

Michal Mojzesz said on Aug 26, 2014 #1

Cool, does this command integrate with Monolog? So that we could raise an "emergency" log when running this command as a cronjob?

Ítalo Lelis de Vietro said on Aug 26, 2014 #2

Great improvement. Love it.

Arnaud Janssens said on Aug 26, 2014 #3

Very nice ! Can't wait for the 2.6 release :)

Lukas Kahwe Smith said on Aug 27, 2014 #4

@Michal: have a look at https://github.com/liip/LiipMonitorBundle if you are interested in integrating the security checks with your monitoring

Vazgen Manukyan said on Aug 27, 2014 #5

good news!

Piotr Gołębiewski said on Aug 27, 2014 #6

Killer feature :)

Peter Kokot said on Aug 27, 2014 #7

Looks good.

Damien Chiboub said on Aug 27, 2014 #8

Wish will be added in 2.3.* branch

Dirk Luijk said on Aug 27, 2014 #9

@Damien Chiboub:

For Symfony 2.5 or lower you could use the standalone CLI checker from https://github.com/sensiolabs/security-checker.

Download the PHAR from http://get.sensiolabs.org/security-checker.phar and use:
$ php security-checker.phar security:check composer.lock

Damien Chiboub said on Aug 28, 2014 #10

@Dirk Luijk thanks for this information, i will try.
So, it should be cool to integrate this to the 2.7 branch.

Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.