Static Security Checker


The Spryker static Security Checker allows you to detect packages with security vulnerabilities. It is based on the Local PHP Security Checker.

Installation

To install the Security Checker, run:

composer require --dev spryker-sdk/security-checker

Configuration

Having installed the Security Checker, enable it in ConsoleDependencyProvider:

<?php

// Project-level dependency provider; the Pyz namespace is the usual Spryker project namespace and is assumed here.
namespace Pyz\Zed\Console;

use SecurityChecker\Command\SecurityCheckerCommand;
use Spryker\Zed\Console\ConsoleDependencyProvider as SprykerConsoleDependencyProvider;
use Spryker\Zed\Kernel\Container;

class ConsoleDependencyProvider extends SprykerConsoleDependencyProvider
{
    protected function getConsoleCommands(Container $container): array
    {
        $commands = [];
        // ...

        // Register the command only when the dev-only package is installed,
        // so environments without it (for example production) still boot.
        if (class_exists(SecurityCheckerCommand::class)) {
            $commands[] = new SecurityCheckerCommand();
        }
        // ...

        return $commands;
    }
}

Usage

Run the following command to check for security issues in the composer.lock file:

vendor/bin/console security:check

False-positive vulnerability CVE-NONE-0001

There is a known false-positive issue, CVE-NONE-0001. This issue is not valid, so the notice about it has been suppressed. To see the details of the suppressed notice, run the check in verbose mode:

vendor/bin/console security:check -v
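As an added illustration (not code from this page or from the Spryker package) of what a composer.lock check does: the installed version of each package is compared against an advisory list, and a known false positive such as CVE-NONE-0001 is hidden unless verbose output is requested. The lock file, the advisory list and every advisory ID other than CVE-NONE-0001 are constructed for this example; the real checker fetches advisories from its database.

```php
<?php
declare(strict_types=1);

// Constructed composer.lock excerpt (not a real lock file).
$lockJson = <<<'JSON'
{"packages": [
  {"name": "acme/example-lib", "version": "1.2.3"},
  {"name": "acme/other-lib",   "version": "2.0.0"}
]}
JSON;

// Constructed advisory list: affected package, first fixed version, advisory ID.
$advisories = [
    ['package' => 'acme/example-lib', 'fixed_in' => '1.2.4', 'id' => 'EXAMPLE-ADVISORY-1'],
    ['package' => 'acme/other-lib',   'fixed_in' => '1.9.0', 'id' => 'EXAMPLE-ADVISORY-2'],
    ['package' => 'acme/example-lib', 'fixed_in' => '9.9.9', 'id' => 'CVE-NONE-0001'],
];

// Advisory IDs known to be false positives; shown only in verbose mode.
$suppressed = ['CVE-NONE-0001'];

/** Returns one line per advisory that matches an installed package. */
function checkLock(string $lockJson, array $advisories, array $suppressed, bool $verbose): array
{
    $lock = json_decode($lockJson, true, 512, JSON_THROW_ON_ERROR);
    $installed = [];
    foreach (array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []) as $pkg) {
        $installed[$pkg['name']] = ltrim($pkg['version'], 'v');
    }

    $findings = [];
    foreach ($advisories as $adv) {
        $version = $installed[$adv['package']] ?? null;
        if ($version === null || version_compare($version, $adv['fixed_in'], '>=')) {
            continue; // package not installed, or already at a fixed version
        }
        $isSuppressed = in_array($adv['id'], $suppressed, true);
        if ($isSuppressed && !$verbose) {
            continue; // hidden unless the caller asked for verbose output (-v)
        }
        $findings[] = sprintf('%s %s: %s%s', $adv['package'], $version, $adv['id'],
            $isSuppressed ? ' (suppressed)' : '');
    }
    return $findings;
}

print_r(checkLock($lockJson, $advisories, $suppressed, false)); // EXAMPLE-ADVISORY-1 only
print_r(checkLock($lockJson, $advisories, $suppressed, true));  // adds CVE-NONE-0001 (suppressed)
exit(checkLock($lockJson, $advisories, $suppressed, false) === [] ? 0 : 1);
```

The non-zero exit status on real findings is what lets a CI job fail the build on a vulnerable lock file.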