Static Security Checker

The Spryker static Security Checker allows you to detect packages with security vulnerabilities. It is based on the Local PHP Security Checker.


To install the Security Checker, run:

composer require --dev spryker-sdk/security-checker


Having installed the Security Checker, enable it in ConsoleDependencyProvider:

class ConsoleDependencyProvider
{
    protected function getConsoleCommands(Container $container): array
    {
        $commands = [];
        // The package is installed with --dev, so register the command only when its class exists.
        if (class_exists(SecurityCheckerCommand::class)) {
            $commands[] = new SecurityCheckerCommand();
        }
        return $commands;
    }
}


Run the following command to check for security issues in the composer.lock file:

vendor/bin/console security:check

False-positive vulnerability CVE-NONE-0001

There is a known false-positive issue, CVE-NONE-0001. This issue is not valid, and we have suspended the notice about it. To see the details of the suspended notice, run:

vendor/bin/console security:check -v