fabpot/ local-php-security-checker
Need help with local-php-security-checker?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.
About the developer
435 Stars 
18 Forks 
GNU Affero General Public License v3.0 
3 Commits 
15 Opened issues 
Description
PHP security vulnerabilities checker
Services available
Contributors list
Readme
Local PHP Security Checker
The Local PHP Security Checker is a command line tool that checks if your PHP application depends on PHP packages with known security vulnerabilities. It uses the Security Advisories Database behind the scenes.
Download a binary from the Releases page on Github, rename it to
local-php-security-checkerand make it executable.
From a directory containing a PHP project that uses Composer, check for known vulnerabilities by running the binary without arguments or flags:
$ local-php-security-checker
You can also pass a
--pathto check a specific directory:
$ local-php-security-checker --path=/path/to/php/project $ local-php-security-checker --path=/path/to/php/project/composer.lock
By default, the output is optimized for terminals, change it via the
--formatflag (supported formats:
ansi,
markdown,
json, and
yaml):
$ local-php-security-checker --format=json
When running the command, it checks for an updated vulnerability database and downloads it from Github if it changed since the last run. If you want to avoid the HTTP round-trip, use
--local. To force a database update without checking for a project, use
--update-cache.