notfloran / phing-composer-security-checker
Phing task that use Sensio Security Advisories Checker to checks if your application uses dependencies with known security vulnerabilities.
v1.0.0
2014-04-12 18:31 UTC
Requires
This package is auto-updated.
Last update: 2024-12-17 10:00:50 UTC
README
A Phing task that use Sensio Security Advisories Checker to checks if your application uses dependencies with known security vulnerabilities.
Installation
The preferred way of installation is through Composer. Add notfloran/phing-composer-security-checker
as a requirement to composer.json:
{ "require": { "notfloran/phing-composer-security-checker": "~1.0" } }
Example
Let Phing know about the Security Checker task:
<taskdef name="security-checker" classname="notFloran\SecurityChecker\PhingTask" />
Then :
<security-checker />
Or :
<security-checker file="/var/www/symfony/composer.lock" />
With all attributes :
<security-checker file="/var/www/symfony/composer.lock" haltOnError="false" format="text" outputProperty="alerts" /> <echo msg="Alerts : ${alerts} ..." />
Attributes :
- file : path to the composer.lock file (default: composer.lock)
- haltOnError : indicate if an exception is thrown or not when vulnerabilities are detected (default: true)
- format : format of the list of vulnerabilities (json or text) (default: text)
- outputProperty : property name to set with output value
License
phing-composer-security-checker is released under the MIT public license.