Security Checker Phing Task

Security Checker Phing Task

About a year and a half ago Fabien Potencier announced the PHP Security Advisories Database initiative. Part of the initiative the SensioLabs Security Advisories Checker (beta) website came to life. The website and the api behind it makes it very easy to check your composer.lock file for dependencies which "have issues". Either upload your composer.lock file to the website or use the CLI tool to communicate with the api directly. About 2 weeks ago Fabien took the next step forward and announced that the Security Advisories Database is distributed as public domain and as such can now be "controlled" by the community.

To compliment Fabien`s move I decided to put the Security Checker Phing task which I built for us a few months ago out in the wild. To use the Phing task in your Phing setup, add the following dependency to your composer.json file:

{
    "require": {
        "bitexpert/phing-securitychecker": "0.1.*@stable"
    }
}


Import the default build.xml to let Phing know about the Security Checker task:

<import file="vendor/bitexpert/phing-securitychecker/build.xml" />


Call the Phing task from one of your build targets:

<securitychecker lockfile="composer.lock" />


Eintrag von Stephan Hochdörfer am 04.11.2014

Tags: Phing, Security Checker, Security Advisories

Diese Webseite verwendet Cookies, um die Bedienfreundlichkeit zu erhöhen. Mit der Nutzung unserer Webseite wird das Einverständnis erklärt, dass wir Cookies verwenden. Weitere Informationen.