fancyguy/composer-security-check-plugin
Composer 安装命令:
composer require fancyguy/composer-security-check-plugin
包简介
Checks installed dependencies against SensioLabs security advisory database
README 文档
README
For global install:
composer global require fancyguy/composer-security-check-plugin
For project install:
composer require fancyguy/composer-security-check-plugin
Run these commands to see some sample behavior:
mkdir insecure-project
cd insecure-project
composer init --name="insecure/project" --description="insecure project" -l MIT -n
composer require symfony/symfony:2.5.2
composer require fancyguy/composer-security-check-plugin
composer audit
composer audit --format=simple
composer audit --format=json
composer validate
composer require symfony/symfony --update-with-all-dependencies
composer audit
By default this tool uploads your composer.lock file to the security.symfony.com webservice which uses the checks from https://github.com/FriendsOfPHP/security-advisories.
You can check offline by downloading a local version of this repo and specify its path using:
composer audit --audit-db /path/to/security-advisories
Inspired on: https://github.com/sensiolabs/security-checker
Alternative: https://github.com/Roave/SecurityAdvisories
统计信息
- 总下载量: 3.49k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 8
- 点击次数: 2
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2018-06-08