Download the PHP package enlightn/security-checker without Composer
On this page you can find all versions of the php package enlightn/security-checker. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package security-checker
Short Description A PHP dependency vulnerabilities scanner based on the Security Advisories Database.
License MIT
Information about the package security-checker
Enlightn Security Checker
The Enlightn Security Checker is a command line tool that checks if your application uses dependencies with known security vulnerabilities. It uses the Security Advisories Database.
Installation Options
- You may install the Enlightn Security Checker with Composer globally, for use with multiple projects:
- You may also install the Enlightn Security Checker in your project as a dev dependency using Composer:
- Instead of installing via Composer, you may also download the security-checker.phar file. Then, in the commands below you can replace security-checker with security-checker.phar.
Usage
To check for security vulnerabilities in your dependencies, you may run the security:check command:
This command will return a success status code of 0 if there are no vulnerabilities and 1 if there is at least one vulnerability.
Note: You would need to provide the full path of the security-checker executable if the directory is not in your path. For instance:
Options
Format
By default, this command displays the result in ANSI. You may use the --format option to display the result in JSON instead:
Exclude Dev Dependencies
If you would like to exclude dev dependencies from the vulnerabilities scanning, you may use the --no-dev option (defaults to false):
Allow vulnerabilities
If you would like to exclude some vulnerabilities, you may use the --allow-list option by passing the CVE identifier, or the CVE title. You can pass multiple values as well:
Do not forget to wrap the title with quotes.
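One way to wire the documented exit codes (Usage) and the --allow-list option into a CI step, as an added example that is not part of the Enlightn project. The CHECKER variable and the audit_lockfile function are hypothetical names, and passing the composer.lock path as the argument to security:check is assumed, since the command listing is missing from this page.

```shell
#!/bin/sh
# CI gate around `security-checker security:check` (added example).
# CHECKER is an assumed variable: the command to run, for example the
# global install or a wrapper around security-checker.phar.
CHECKER="${CHECKER:-security-checker}"

# audit_lockfile LOCKFILE [ALLOWED...]
# Each ALLOWED entry (CVE identifier or advisory title) becomes one
# --allow-list option; quoting keeps a multi-word title as one argument.
# Returns 0 = no known vulnerabilities, 1 = at least one, 2 = scan did not run.
audit_lockfile() {
  lock="$1"
  shift
  if [ ! -r "$lock" ]; then
    echo "audit: cannot read lock file: $lock" >&2
    return 2
  fi
  # Turn the remaining arguments into "--allow-list <entry>" pairs.
  for entry in "$@"; do
    set -- "$@" --allow-list "$entry"
    shift
  done
  set -- security:check "$lock" "$@"
  status=0
  "$CHECKER" "$@" || status=$?
  case "$status" in
    0) echo "audit: no known vulnerabilities in $lock" ;;
    1) echo "audit: vulnerable dependency found in $lock" >&2 ;;
    *) # Only 0 and 1 are documented. Anything else (127 = command not
       # found, a crash) must not be read as a clean result.
       echo "audit: scanner failed with status $status" >&2
       status=2 ;;
  esac
  return "$status"
}

# Run as a script: ./audit.sh composer.lock CVE-XXXX-XXXXX "advisory title"
# (CVE-XXXX-XXXXX is a placeholder, not a real identifier.)
if [ "$#" -gt 0 ]; then
  audit_lockfile "$@"
fi
```

Treating every status other than 0 and 1 as a failed scan keeps a missing binary or a crashed run from passing the pipeline as if the dependencies were clean.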
Custom Directory for Caching Advisories Database
By default, the SecurityChecker API and the security:check command use the directory returned by the sys_get_temp_dir PHP function for storing the cached advisories database. If you wish to modify the directory, you may use the --temp-dir option:
API
You may also use the API directly in your own code like so:
The result above is an associative array. The key is the package name and the value is an array of vulnerabilities based on your package version. An example of the JSON encoded version is as below:
Contribution Guide
Thank you for considering contributing to the Enlightn security-checker project! The contribution guide can be found here.
License
The Enlightn security checker is licensed under the MIT license.
All versions of security-checker with dependencies
ext-json Version *
symfony/console Version ^7
symfony/finder Version ^3|^4|^5|^6|^7
symfony/process Version ^3.4|^4|^5|^6|^7
symfony/yaml Version ^3.4|^4|^5|^6|^7
guzzlehttp/guzzle Version ^6.3|^7.0