Static Security Checker


The Spryker static Security Checker allows you to detect packages with security vulnerabilities. It is based on the Local PHP Security Checker.


To install the Security Checker, run:

composer require --dev spryker-sdk/security-checker


Having installed the Security Checker, enable it in ConsoleDependencyProvider:

class ConsoleDependencyProvider
{
    protected function getConsoleCommands(Container $container): array
    {
        $commands = [];
        // Register the command only if the package is installed (it is a dev dependency).
        if (class_exists(SecurityCheckerCommand::class)) {
            $commands[] = new SecurityCheckerCommand();
        }
        return $commands;
    }
}


Run the following command to check for security issues in the composer.lock file:

vendor/bin/console security:check


False-positive vulnerability CVE-NONE-0001

CVE-NONE-0001 is a known false positive. The issue is not valid, so we suspend the notice about it. To see the details of the suspended notice, run the check in verbose mode:

vendor/bin/console security:check -v
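

The following added example is not Spryker's or the Local PHP Security Checker's code. It is a simplified model of a composer.lock check: installed versions are matched against advisory version ranges, and a suppressed ID such as CVE-NONE-0001 is reported only in verbose mode. The advisory structure, package names, EXAMPLE-* IDs and the function names isAffected and checkLock are assumptions made for illustration.

```php
<?php
// Constructed composer.lock excerpt; package names are placeholders.
$lockJson = <<<'JSON'
{"packages": [{"name": "acme/http-client", "version": "v2.0.3"},
              {"name": "acme/template", "version": "1.4.0"}],
 "packages-dev": [{"name": "acme/debug-bar", "version": "3.1.0"}]}
JSON;
// Constructed advisories (all 'versions' constraints must match); CVE-NONE-0001 is tied to a placeholder package.
$advisories = [
    ['id' => 'EXAMPLE-0001', 'package' => 'acme/http-client', 'versions' => ['>=2.0.0', '<2.0.5']],
    ['id' => 'EXAMPLE-0002', 'package' => 'acme/template', 'versions' => ['<1.3.0']],
    ['id' => 'CVE-NONE-0001', 'package' => 'acme/debug-bar', 'versions' => ['>=3.0.0', '<4.0.0']],
];
$suppressed = ['CVE-NONE-0001']; // known false positives, hidden unless verbose

function isAffected(string $version, array $constraints): bool
{
    $version = ltrim($version, 'v'); // composer.lock may store "v2.0.3"
    foreach ($constraints as $constraint) {
        if (!preg_match('/^(>=|<=|>|<|==)\s*(\S+)$/', $constraint, $m)) {
            // Fail closed: an unparsable constraint must not silently pass.
            throw new InvalidArgumentException("Unsupported constraint: $constraint");
        }
        if (!version_compare($version, $m[2], $m[1])) {
            return false;
        }
    }
    return true;
}

function checkLock(string $lockJson, array $advisories, array $suppressed, bool $verbose): array
{
    $lock = json_decode($lockJson, true, 512, JSON_THROW_ON_ERROR);
    $installed = array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []);
    $findings = [];
    foreach ($installed as $pkg) {
        foreach ($advisories as $adv) {
            $hit = $adv['package'] === $pkg['name'] && isAffected($pkg['version'], $adv['versions']);
            $hidden = in_array($adv['id'], $suppressed, true);
            if ($hit && (!$hidden || $verbose)) {
                $findings[] = "{$pkg['name']} {$pkg['version']}: {$adv['id']}" . ($hidden ? ' (suppressed)' : '');
            }
        }
    }
    return $findings;
}

print_r(checkLock($lockJson, $advisories, $suppressed, false)); // default run
print_r(checkLock($lockJson, $advisories, $suppressed, true));  // verbose run, like -v
```

Keeping suppressed IDs in an explicit list and still showing them in verbose output keeps each suppression reviewable.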