for testing and deploying your application
for finding and fixing issues
for empowering human code reviews
<?php
namespace Jorijn\LaravelSecurityChecker\Console;
use Illuminate\Console\Command;
use SensioLabs\Security\Formatters\SimpleFormatter;
use SensioLabs\Security\SecurityChecker;
class SecurityCommand extends Command
{
/**
* @var string
*/
protected $name = 'security-check:now';
protected $description = 'Checks composer.lock for any vulnerabilities against the SensioLabs checker.';
* @var SecurityChecker
protected $checker;
* SecurityCommand constructor.
* @param SecurityChecker $checker
public function __construct(SecurityChecker $checker)
parent::__construct();
$this->checker = $checker;
}
*
public function fire()
// get the path to composer.lock
$composerLock = base_path('composer.lock');
base_path
If this is a false-positive, you can also ignore this issue in your code via the ignore-call annotation
ignore-call
$composerLock = /** @scrutinizer ignore-call */ base_path('composer.lock');
// and feed it into the SecurityChecker
$checkResult = $this->checker->check($composerLock);
// then display it using the formatter provided for Symfony
app(SimpleFormatter::class)->displayResults($this->getOutput(), $composerLock, $checkResult);
app
/** @scrutinizer ignore-call */ app(SimpleFormatter::class)->displayResults($this->getOutput(), $composerLock, $checkResult);