How to Check for Known Security Vulnerabilities in Your Dependencies
When using lots of dependencies in your Symfony projects, some of them may
contain security vulnerabilities. That's why Symfony includes a command called
security:check that checks your composer.lock file to find any known
security vulnerability in your installed dependencies:
$ php bin/console security:check
A good security practice is to execute this command regularly to be able to update or replace compromised dependencies as soon as possible. Internally, this command uses the public security advisories database published by the FriendsOfPHP organization.
Tip
The security:check command terminates with a non-zero exit code if
any of your dependencies is affected by a known security vulnerability.
Therefore, you can easily integrate it in your build process.
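One way to use that exit code in a build step, as an added example that is not part of the Symfony documentation: the wrapper below fails the build when security:check reports a vulnerable dependency, and returns a distinct status when composer.lock is missing so a misconfigured pipeline is not mistaken for a clean one. The SECURITY_CHECK_CMD override is an assumption introduced here so the gate can be exercised on a machine without PHP.

```shell
#!/bin/sh
# Build-step gate around `php bin/console security:check`.
# Added example, not Symfony's own code. It relies only on the documented
# behaviour that the command exits non-zero when a dependency is affected
# by a known vulnerability.
#
# SECURITY_CHECK_CMD is an assumed environment override (not a Symfony
# setting) so the gate can be tested without PHP, e.g. with `true`/`false`.

security_gate() {
    lockfile="${1:-composer.lock}"
    cmd="${SECURITY_CHECK_CMD:-php bin/console security:check}"

    # Status 2: nothing to check. Keep this distinct from "vulnerable" so
    # CI can tell a missing lock file apart from a real finding.
    if [ ! -f "$lockfile" ]; then
        echo "security_gate: $lockfile not found; nothing to check" >&2
        return 2
    fi

    # $cmd is deliberately unquoted so it splits into program + arguments.
    if $cmd; then
        echo "security_gate: no known vulnerabilities in $lockfile"
        return 0
    else
        status=$?
        echo "security_gate: security:check exited $status; failing build" >&2
        return 1
    fi
}

# Usage in a build step (after sourcing this file):
#   security_gate composer.lock || exit 1
```

Returning 1 on a finding and 2 on a missing lock file lets the pipeline treat the two differently (for example, blocking the merge on 1 but alerting on 2).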
Note
To enable the security:check command, make sure the
SensioDistributionBundle is installed.
$ composer require 'sensio/distribution-bundle'
This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.

