The website explains how it works in detail (https://security.sensiolabs.org/), but basically, this initiative gives you several ways to check for security issues in your project dependencies based on the information contained in your composer.lock file (you are using Composer to manage your dependencies, right?):
- The website itself allows you to upload a composer.lock to check for vulnerabilities;
- A web service can be used with curl or to integrate that tool into your own continuous integration process (it returns its results as plain text or as a JSON array);
- A command line tool gives you the same feature as the web service and the website but nicely packaged as a simple Symfony command.
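
What a lock-file-based check amounts to, as an added example (not SensioLabs' code, service or advisory data): the installed versions recorded in composer.lock are compared against affected-version ranges. The package names, advisory IDs and function names are hypothetical, and the sample data is constructed.

```python
import json
import operator

# Constructed advisory data: hypothetical packages and IDs; bounds are plain numeric versions.
ADVISORIES = [
    {"package": "acme/framework", "id": "EXAMPLE-0001", "affected": [(">=", "2.0.0"), ("<", "2.0.22")]},
    {"package": "acme/yaml", "id": "EXAMPLE-0002", "affected": [("<", "1.4.3")]},
    {"package": "acme/testing-tools", "id": "EXAMPLE-0003", "affected": [("<", "3.1.0")]},
]

# Constructed composer.lock excerpt. Real lock files list the installed packages
# under "packages" and "packages-dev", each entry carrying "name" and "version".
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "acme/framework", "version": "v2.0.21"},
        {"name": "acme/yaml", "version": "1.4.3"},
        {"name": "acme/mailer", "version": "1.0.0"},
    ],
    "packages-dev": [{"name": "acme/testing-tools", "version": "dev-master"}],
})

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge}

def parse_version(version):
    """'v2.0.21' -> (2, 0, 21, 0); None for branches or pre-releases ('dev-master', '2.1.0-beta1')."""
    parts = version.lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))

def check_lock(lock_text, advisories):
    """Return (findings, unknown): matched advisories, and packages whose version cannot be compared."""
    lock = json.loads(lock_text)
    findings, unknown = [], []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            name, version = pkg["name"], pkg["version"]
            relevant = [a for a in advisories if a["package"] == name]
            parsed = parse_version(version)
            if relevant and parsed is None:
                unknown.append((name, version))  # fail closed: needs manual review
                continue
            for adv in relevant:
                if all(OPS[op](parsed, parse_version(b)) for op, b in adv["affected"]):
                    findings.append((name, version, adv["id"]))
    return findings, unknown

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK, ADVISORIES))
```

Versions that cannot be ordered numerically, such as a dev-master branch, are reported separately rather than silently treated as safe.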
Friday, February 22, 2013
SensioLabs Security Advisories Checker
A new initiative from SensioLabs.