About a year and a half ago Fabien Potencier announced the PHP Security Advisories Database initiative. As part of that initiative, the SensioLabs Security Advisories Checker (beta) website came to life. The website and the API behind it make it very easy to check your composer.lock file for dependencies which "have issues": either upload your composer.lock file to the website or use the CLI tool to talk to the API directly. About 2 weeks ago Fabien took the next step forward and announced that the Security Advisories Database is distributed as public domain and can therefore now be "controlled" by the community.
To complement Fabien's move I decided to put the Security Checker Phing task, which I built for us a few months ago, out in the wild. To use the Phing task in your Phing setup, add the following dependency to your composer.json file:
Import the default build.xml to let Phing know about the Security Checker task:
<import file="vendor/bitexpert/phing-securitychecker/build.xml" />
Call the Phing task from one of your build targets:
<securitychecker lockfile="composer.lock" />
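As an added illustration (not code from the bitExpert task or the SensioLabs service), this is the check the task delegates to the API, done offline against a local advisory set: read the packages and versions out of composer.lock and report any that fall inside an advisory's version range. The lock file excerpt and the advisories are constructed samples; the branches/versions structure mirrors what the Security Advisories Database files look like, but treat it as an assumption rather than a verified schema.

```python
import json
import re

# Constructed composer.lock excerpt (made-up package names, not a real project).
SAMPLE_LOCK = json.dumps({"packages": [{"name": "acme/router", "version": "v2.0.15"},
                                       {"name": "acme/orm", "version": "3.1.0"}],
                          "packages-dev": [{"name": "acme/mailer", "version": "dev-master"}]})

# Constructed advisories in the assumed branches/versions shape of the advisory database.
SAMPLE_ADVISORIES = [
    {"package": "acme/router", "title": "Example advisory A",
     "branches": {"2.0.x": {"versions": [">=2.0.0", "<2.0.17"]}}},
    {"package": "acme/orm", "title": "Example advisory B",
     "branches": {"3.0.x": {"versions": [">=3.0.0", "<3.0.9"]}}},
]

CONSTRAINT = re.compile(r"^(>=|<=|>|<|==?)\s*v?(\d+(?:\.\d+)*)$")

def parse_version(text):
    """'v2.0.15' or '2.0.15.0' -> 4-tuple of ints; None for dev-* versions."""
    text = text.lstrip("v")
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        return None
    return tuple(([int(p) for p in text.split(".")] + [0, 0, 0])[:4])

def satisfies(version, constraint):
    """Evaluate one comparison constraint such as '<2.0.17' against a version tuple."""
    m = CONSTRAINT.match(constraint)
    if not m:
        raise ValueError("unsupported constraint: " + constraint)
    op, bound = m.group(1), parse_version(m.group(2))
    return {">=": version >= bound, "<=": version <= bound,
            ">": version > bound, "<": version < bound}.get(op, version == bound)

def check_lock(lock_json, advisories):
    """Return (package, version, title) for each locked package inside an advisory range."""
    data = json.loads(lock_json)
    locked = [(p["name"], p["version"]) for s in ("packages", "packages-dev") for p in data.get(s, [])]
    hits = []
    for name, raw in locked:
        version = parse_version(raw)
        if version is None:
            continue  # dev-* versions carry no comparable number; review those by hand
        for adv in (a for a in advisories if a["package"] == name):
            # A branch matches when every constraint in its 'versions' list holds.
            if any(all(satisfies(version, c) for c in b["versions"])
                   for b in adv["branches"].values()):
                hits.append((name, raw, adv["title"]))
    return hits
```

Calling `check_lock(SAMPLE_LOCK, SAMPLE_ADVISORIES)` flags acme/router only; acme/orm sits outside the advisory range and the dev-master dependency is skipped because a branch alias has no version to compare.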