Security Advisory Checker

The SensioLabs Security Checker is a command line tool that checks if your application uses dependencies with known security vulnerabilities. It uses the SensioLabs Security Check Web service and the Security Advisories Database behind the scenes.

https://github.com/sensiolabs/security-checker

This page refers to an outdated configuration. If you would like to run the SensioLabs Security Checker, please run it as a regular command during the build process instead.

Configuration

You can enable the Security Advisory Checker with the following configuration:

tools:
    sensiolabs_security_checker: true

Note: Enabling this tool will transmit the composer.lock file of your project to a server operated by SensioLabs.

Also make sure that your filter settings allow the composer.lock file to be scanned. A change here is typically needed if you explicitly define scanned paths:

filter:
    # Add composer.lock if you explicitly list scanned paths, and do not scan all paths by default.
    paths:
        - src/
        - composer.lock
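
An added example, not part of the original page or of the tool it describes: a small Python check, suitable for a CI step, that reports whether composer.lock is still covered when filter paths are listed explicitly. The sample configurations are constructed, the function names are hypothetical, and treating path entries as shell-style globs is an assumption.

```python
import fnmatch

# Constructed sample configurations (not taken from a real project).
MISSING_LOCK = """\
tools:
    sensiolabs_security_checker: true
filter:
    paths:
        - src/
"""
WITH_LOCK = MISSING_LOCK + "        - composer.lock\n"
NO_FILTER = "tools:\n    sensiolabs_security_checker: true\n"

def read_config(text):
    """Return (checker_enabled, filter_paths or None) from the indented YAML
    subset used on this page: nested mappings and '- item' lists only."""
    stack, enabled, paths = [], False, None
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        item = line.strip()
        # A list item may sit at the same indent as its parent key.
        limit = indent + 1 if item.startswith("- ") else indent
        while stack and stack[-1][0] >= limit:
            stack.pop()
        keys = [k for _, k in stack]
        if item.startswith("- "):
            if keys == ["filter", "paths"]:
                paths.append(item[2:].strip().strip("'\""))
            continue
        key, _, value = item.partition(":")
        if keys == ["tools"] and key.strip() == "sensiolabs_security_checker":
            enabled = value.strip().lower() == "true"
        if keys == ["filter"] and key.strip() == "paths":
            paths = []
        stack.append((indent, key.strip()))
    return enabled, paths

def lock_file_scanned(text, lock="composer.lock"):
    """True/False when the checker is enabled, None when it is not."""
    enabled, paths = read_config(text)
    if not enabled:
        return None
    if paths is None:  # no explicit list: all paths are scanned by default
        return True
    # Assumption: entries may be shell-style globs; exact names match too.
    return any(fnmatch.fnmatchcase(lock, p) for p in paths)
```

A result of False means the checker is enabled but the explicit path list leaves out composer.lock, so the lock file would not be scanned.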