Security Advisories Checker for Symfony
The increasing popularity and use of Symfony appears to have brought the PHP framework to the attention of hackers. In response, SensioLabs, a company that is playing a major part in the development of the framework, has released the "Security Advisories Checker". The application allows PHP developers who manage the dependencies within a PHP project with the Composer tool to check the framework and any related dependencies for security holes.
Previously, developers had to spend a lot of time tracking down existing security fixes themselves. The Security Advisories Checker instead checks the information that is stored in a project's composer.lock file. There are three options:
- The web page allows developers to upload the file and perform a direct online check.
- With the web service, developers can do a cURL (Client for URLs) check that can be directly integrated into their build/integration process.
- The command line tool offers the same functionality as the web page but can be integrated more easily into an existing Symfony/PHP project as a command.
To enable developers to check for any security holes in other libraries and bundles, the SensioLabs developers have invited potential contributors to add related vulnerabilities to a dedicated GitHub project that allows new security holes to be listed via pull requests.
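What checking a composer.lock file against a list of advisories involves, as an added example that is not SensioLabs' code. The lock excerpt, the advisory entries and the simplified advisory structure are all constructed assumptions; packages whose version cannot be compared are reported rather than silently passed.

```python
import json
import re

# Constructed composer.lock excerpt: a lock file lists the installed packages
# under "packages" and "packages-dev", each with a "name" and a "version".
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/symfony", "version": "v2.0.16"},
        {"name": "twig/twig", "version": "v1.12.2"},
    ],
    "packages-dev": [{"name": "acme/demo-bundle", "version": "dev-master"}],
})

# Constructed advisories (hypothetical data and layout): package name ->
# list of (title, constraints that must ALL hold for a version to be affected).
ADVISORIES = {
    "symfony/symfony": [
        ("Constructed advisory A", [">=2.0.0", "<2.0.17"]),
        ("Constructed advisory B", [">=2.1.0", "<2.1.5"]),
    ],
}

def parse_version(text):
    """'v2.0.16' -> (2, 0, 16); None for non-numeric versions such as 'dev-master'."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def satisfies(version, constraint):
    """Evaluate one constraint such as '<2.0.17' against a parsed version tuple."""
    op, bound = re.fullmatch(r"(>=|<=|>|<|==)(.+)", constraint).groups()
    bound = parse_version(bound)
    width = max(len(version), len(bound))  # pad so (2, 1) compares like (2, 1, 0)
    v = version + (0,) * (width - len(version))
    b = bound + (0,) * (width - len(bound))
    return {">=": v >= b, "<=": v <= b, ">": v > b, "<": v < b, "==": v == b}[op]

def check_lock(lock_text, advisories=ADVISORIES):
    """Return (findings, unchecked) for the packages pinned in a composer.lock."""
    lock = json.loads(lock_text)
    findings, unchecked = [], []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        version = parse_version(pkg["version"])
        if version is None:  # cannot compare: flag for manual review
            unchecked.append(pkg["name"])
            continue
        for title, constraints in advisories.get(pkg["name"], []):
            if all(satisfies(version, c) for c in constraints):
                findings.append((pkg["name"], pkg["version"], title))
    return findings, unchecked
```

In a build step, a non-empty `findings` list would fail the build, and `unchecked` would be surfaced for manual review.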