@@ -224,21 +224,30 @@ require --no-unpack ...`` option to disable unpacking.
224224Checking Security Vulnerabilities
225225---------------------------------
226226
227- A good and recommended security practice is to check from time to time whether your
228- project's dependencies contain any known security vulnerabilities. You can leverage the
229- ` Local PHP Security Checker `_ to do so.
227+ The `` symfony `` binary created when you ` install Symfony CLI `_ provides a command
228+ to check whether your project's dependencies contain any known security
229+ vulnerability:
230230
231- You can also execute this process regularly to be able to
231+ .. code-block :: terminal
232+
233+ $ symfony check:security
234+
235+
232236update or replace compromised dependencies as soon as possible. The security
233237check is done locally by fetching the public `PHP security advisories database `_,
234238so your ``composer.lock `` file is not sent on the network.
235239
240+ The ``check:security `` command terminates with a non-zero exit code if any of
241+ your dependencies is affected by a known security vulnerability. This way you
242+ can add it to your project build process and your continuous integration
243+ workflows to make them fail when there are vulnerabilities.
244+
236245.. tip ::
237246
238- The `` check:security `` command terminates with a non-zero exit code if
239- any of your dependencies is affected by a known security vulnerability .
240- This way you can add it to your project build process and your continuous
241- integration workflows to make them fail when there are vulnerabilities .
247+ In continuous integration services you can check security vulnerabilities
248+ using a different stand-alone project called ` Local PHP Security Checker `_ .
249+ This is the same project used internally by `` check:security `` but much
250+ smaller in size than the entire Symfony CLI .
242251
243252Symfony LTS Versions
244253--------------------
0 commit comments