Giters

helturkey / security-checker

A PHP dependency vulnerabilities scanner based on the Security Advisories Database.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Enlightn Security Checker

tests MIT Licensed Latest Stable Version Total Downloads

The Enlightn Security Checker is a command line tool that checks if your application uses dependencies with known security vulnerabilities. It uses the Security Advisories Database.

Usage

To check for security vulnerabilities in your dependencies, you may run the security:check command after a global composer require:

php security-checker security:check /path/to/composer.lock

This command will return a success status code of 0 if there are no vulnerabilities and 1 if there is at least one vulnerability.

API

You may also use the API directly in your own code like so:

use Enlightn\SecurityChecker\SecurityChecker;

$result = (new SecurityChecker)->check('/path/to/composer.lock');

The result above is in JSON format. The key is the package name and the value is an array of vulnerabilities based on your package version. An example is as below:

{
  "laravel/framework": {
    "version": "8.22.0",
    "time": "2021-01-13T13:37:56+00:00",
    "advisories": [{
      "title": "Unexpected bindings in QueryBuilder",
      "link": "https://blog.laravel.com/security-laravel-62011-7302-8221-released",
      "cve": null
    }]
  }
}

Contribution Guide

Thank you for considering contributing to the Enlightn security-checker project! The contribution guide can be found here.

License

The Enlightn security checkers licensed under the MIT license.

About

A PHP dependency vulnerabilities scanner based on the Security Advisories Database.

License:MIT License

Languages

Language:PHP 100.0%