Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit ee707c0

Browse filesBrowse files
javiereguiluzjaviereguiluz
committed
minor #11444 Switch the security-check to the Symfony client one (tucksaun)
This PR was merged into the 3.4 branch. Discussion ---------- Switch the security-check to the Symfony client one I'm targeting 3.4 as the Symfony web server PR (#11207) was merged into 3.4. Commits ------- cddab11 Switch the security-check to the Symfony client one
2 parents d7d3b15 + cddab11 commit ee707c0
Copy full SHA for ee707c0

File tree

Expand file treeCollapse file tree

1 file changed

+13
-21
lines changed
Filter options
Expand file treeCollapse file tree

1 file changed

+13
-21
lines changed

‎security/security_checker.rst

Copy file name to clipboardExpand all lines: security/security_checker.rst
+13-21Lines changed: 13 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -5,13 +5,19 @@ How to Check for Known Security Vulnerabilities in Your Dependencies
55
====================================================================
66

77
When using lots of dependencies in your Symfony projects, some of them may
8-
contain security vulnerabilities. That's why Symfony includes a command called
9-
``security:check`` that checks your ``composer.lock`` file to find any known
10-
security vulnerability in your installed dependencies:
8+
contain security vulnerabilities. That's why the Symfony client includes a
9+
command called ``security:check`` that checks your ``composer.lock`` file to
10+
find known security vulnerabilities in your installed dependencies:
1111

1212
.. code-block:: terminal
1313
14-
$ php bin/console security:check
14+
$ symfony security:check
15+
16+
.. tip::
17+
18+
The Symfony client is distributed as a free installable binary without any
19+
dependency and support for Linux, macOS and Windows. Go to `symfony.com/download`_
20+
and follow the instructions for your operating system.
1521

1622
A good security practice is to execute this command regularly to be able to
1723
update or replace compromised dependencies as soon as possible. Internally,
@@ -25,24 +31,10 @@ FriendsOfPHP organization.
2531
This way you can add it to your project build process and your continuous
2632
integration workflows to make them fail when there are vulnerabilities.
2733

28-
.. note::
29-
30-
To enable the ``security:check`` command, make sure the
31-
`SensioDistributionBundle`_ is installed and enabled in your application.
32-
33-
.. note::
34-
35-
Make sure that the installed version of the security checker package is at
36-
least 5.0 (run ``composer show sensiolabs/security-checker`` to show it).
37-
Older versions checked the security vulnerabilities using a URL that is no
38-
longer available and the command execution will result in an error.
39-
4034
.. tip::
4135

42-
The security checker is also available as an independent console application
43-
and distributed as a PHAR file so you can use it in any PHP application.
44-
Check out the `Security Checker repository`_ for more details.
36+
The security check is done locally: the `security advisories database`_ is
37+
cloned and your ``composer.lock`` file is not sent on the network.
4538

39+
.. _`symfony.com/download`: https://symfony.com/download
4640
.. _`security advisories database`: https://github.com/FriendsOfPHP/security-advisories
47-
.. _`SensioDistributionBundle`: https://github.com/sensiolabs/SensioDistributionBundle
48-
.. _`Security Checker repository`: https://github.com/sensiolabs/security-checker

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.