davidepastore/composer-audit
Latest stable version: v0.1.0
Composer install command:
composer require davidepastore/composer-audit
Package description
Composer plugin to check your composer.lock
README
Warning: This project is not maintained anymore. Since version 2.4.0-RC1, Composer officially supports the audit command that checks for known security vulnerabilities.
composer-audit
A composer plugin that checks if your application uses dependencies with known security vulnerabilities (it uses SensioLabs Security Checker).
Installation
Using the composer command:
$ composer require davidepastore/composer-audit:0.1.*
Manually adding in composer.json:
"require": { "davidepastore/composer-audit": "0.1.*" }
Usage
The checker will be executed when you launch composer install or composer update.
If you have alerts in your composer.lock, composer-audit will print them. An example could be this:
ALERTS from SensioLabs security advisories.
*** dompdf/dompdf[v0.6.0] ***
* dompdf/dompdf/CVE-2014-2383.yaml
Arbitrary file read in dompdf
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/
CVE-2014-2383
Please fix these alerts from SensioLabs security advisories.
If no alert is found, you'll get this:
All good from SensioLabs security advisories.
Issues
If you have issues, just open one here.
Statistics
- Total downloads: 19
- Monthly downloads: 0
- Daily downloads: 0
- Favorites: 9
- Clicks: 0
- Dependent projects: 0
- Recommendations: 0
Other information
- License: MIT
- Updated: 2015-02-10