Commit 1c97aa5

committed
Merge branch '4.2'
* 4.2: Switch the security-check to the Symfony client one
2 parents adc2b6e + af16b40 commit 1c97aa5

1 file changed: 8 additions & 24 deletions

security/security_checker.rst
@@ -5,28 +5,19 @@ How to Check for Known Security Vulnerabilities in Your Dependencies
55
====================================================================
66

77
When using lots of dependencies in your Symfony projects, some of them may
8-
contain security vulnerabilities. That's why Symfony provides a command called
9-
``security:check`` that checks your ``composer.lock`` file to find any known
10-
security vulnerability in your installed dependencies.
11-
12-
First, install the security checker in your project:
13-
14-
.. code-block:: terminal
15-
16-
# require at least the 5.0 version of the package because older versions
17-
# checked the security vulnerabilities using a URL that is no longer available
18-
$ composer require sensiolabs/security-checker:^5.0
19-
20-
Then run this command:
8+
contain security vulnerabilities. That's why the :doc:`Symfony local server </setup/symfony_server>`
9+
includes a command called ``security:check`` that checks your ``composer.lock``
10+
file to find known security vulnerabilities in your installed dependencies:
2111

2212
.. code-block:: terminal
2313
24-
$ php bin/console security:check
14+
$ symfony security:check
2515
2616
A good security practice is to execute this command regularly to be able to
27-
update or replace compromised dependencies as soon as possible. Internally,
28-
this command uses the public `security advisories database`_ published by the
29-
FriendsOfPHP organization.
17+
update or replace compromised dependencies as soon as possible. The security
18+
check is done locally by cloning the `security advisories database`_ published
19+
by the FriendsOfPHP organization, so your ``composer.lock`` file is not sent on
20+
the network.
3021

3122
.. tip::
3223

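Review bot: the replacement text at 8+ to 10+ drops the ``composer require sensiolabs/security-checker:^5.0`` step and the ``php bin/console security:check`` invocation without leaving a migration hint for projects that still have that package installed; suggest a short ``.. note::`` after the ``$ symfony security:check`` terminal block stating that the console command shipped by the ``sensiolabs/security-checker`` package is no longer the documented path and that the ``symfony`` binary replaces it. Also, the sentence at 19+ and 20+ ("so your ``composer.lock`` file is not sent on the network") claims slightly more than the preceding clause supports: cloning the advisories database is itself a network operation, so consider wording it as "only the advisories database is downloaded; your ``composer.lock`` file never leaves your machine".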
@@ -35,11 +26,4 @@ FriendsOfPHP organization.
3526
This way you can add it to your project build process and your continuous
3627
integration workflows to make them fail when there are vulnerabilities.
3728

38-
.. tip::
39-
40-
The security checker is also available as an independent console application
41-
and distributed as a PHAR file so you can use it in any PHP application.
42-
Check out the `Security Checker repository`_ for more details.
43-
4429
.. _`security advisories database`: https://github.com/FriendsOfPHP/security-advisories
45-
.. _`Security Checker repository`: https://github.com/sensiolabs/security-checker
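Review bot: removing the PHAR tip at 38- to 43- leaves the remaining tip (context lines 35/26 to 37/28) telling readers to run the check in their continuous integration workflows without saying what the CI runner now needs; with the standalone PHAR gone from the docs, the runner must have the ``symfony`` binary installed. Suggest adding one sentence there pointing to the :doc:`Symfony local server </setup/symfony_server>` installation instructions for CI environments. Dropping the ``.. _`Security Checker repository`:`` target at 45- is consistent, since its only reference was in the deleted tip.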