Security Advisory Checker
The SensioLabs Security Checker is a command line tool that checks if your application uses dependencies with known security vulnerabilities. It uses the SensioLabs Security Check Web service and the Security Advisories Database behind the scenes.
https://github.com/sensiolabs/security-checker
This page refers to an outdated configuration. If you would like to run the SensioLabs Security Checker, please run it as a regular command during the build process instead.
Configuration
You can enable Security Advisory Checker with the following configuration:
tools:
    sensiolabs_security_checker: true
Note: Enabling this tool will transmit the composer.lock file of your project to a server operated by SensioLabs. Also make sure that the composer.lock file is scanned as per your filter settings. A change here is typically needed if you explicitly define scanned paths:
filter:
    # Add composer.lock if you explicitly list scanned paths, and do not scan all paths by default.
    paths:
        - src/
        - composer.lock
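Because the note above says composer.lock leaves your environment, the following added example (not part of the original documentation or of the SensioLabs tool) lists what a lock file discloses: every package name and version, plus any source or dist host outside a public allowlist. The allowlist, the function names and the sample lock file are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Hosts treated as public here (assumption; adjust to your own policy).
PUBLIC_HOSTS = {"github.com", "api.github.com", "packagist.org", "repo.packagist.org"}

# Constructed sample lock file; package names, versions and hosts are made up.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "vendor-a/http-client", "version": "2.1.0",
         "source": {"type": "git", "url": "https://github.com/vendor-a/http-client.git"},
         "dist": {"type": "zip", "url": "https://api.github.com/repos/vendor-a/http-client/zipball/x"}},
        {"name": "acme/billing-core", "version": "1.2.3",
         "source": {"type": "git", "url": "ssh://git@git.internal.example/acme/billing-core.git"}},
    ],
    "packages-dev": [
        {"name": "vendor-b/test-kit", "version": "0.9.0",
         "dist": {"type": "zip", "url": "https://api.github.com/repos/vendor-b/test-kit/zipball/y"}},
    ],
})

def host_of(url):
    """Extract the host from a URL, including scp-style git URLs (git@host:path)."""
    if "://" not in url and "@" in url and ":" in url:
        return url.split("@", 1)[1].split(":", 1)[0].lower()
    return (urlparse(url).hostname or "").lower()

def disclosed(lock_text):
    """Return (packages, private): all (name, version) pairs in the lock file,
    and (name, host) pairs whose source/dist URL is not on a public host."""
    lock = json.loads(lock_text)
    packages, private = [], set()
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            packages.append((pkg["name"], pkg.get("version", "")))
            for key in ("source", "dist"):
                url = (pkg.get(key) or {}).get("url", "")
                host = host_of(url) if url else ""
                if host and host not in PUBLIC_HOSTS:
                    private.add((pkg["name"], host))
    return packages, sorted(private)

if __name__ == "__main__":
    pkgs, priv = disclosed(SAMPLE_LOCK)
    print(f"{len(pkgs)} packages (names and versions) would be transmitted")
    for name, host in priv:
        print(f"non-public host disclosed: {name} -> {host}")
```

To review a real project, pass the contents of its composer.lock to `disclosed()` before enabling the tool.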