The Symfony binary is a must-have tool when developing Symfony applications on your local machine. It provides:

• The best way to create new Symfony applications;
• A powerful local web server to develop your projects with support for TLS certificates;
• A tool to check for security vulnerabilities;
• Seamless integration with Platform.sh.

Read the installation instructions on symfony.com.

Symfony binaries are signed using cosign, which is part of sigstore. Signatures can be verified as follows (OS and architecture omitted for clarity):

$ COSIGN_EXPERIMENTAL=1 cosign verify-blob --signature symfony-cli.sig symfony-cli
tlog entry verified with uuid: "2b7ca2bfb7ee09114a15d60761c2a0a8c97f07cc20c02e635a92ba137a08a6de" index: 1261963
Verified OK

The above uses the (currently experimental) keyless signing method. Alternatively, one can verify the signature by also providing the certificate:

$ cosign verify-blob --cert symfony-cli.pem --signature symfony-cli.sig symfony-cli
Verified OK

If you discover a security vulnerability, please follow our disclosure procedure.

Package repository hosting is graciously provided by cloudsmith. Cloudsmith is the only fully hosted, cloud-native, universal package management solution, that enables your organization to create, store and share packages in any format, to any place, with total confidence. We believe there’s a better way to manage software assets and packages, and they're making it happen!