A tool for checking known vulnerabilities in a php project using composer

I am working on a php project that uses composer, but some of the dependencies are very old, including the php version. We are trying to convince the client to upgrade the php version and, therefore, all other dependencies. We would like to analyze the existing dependencies and find known vulnerabilities for them.

Are there any php tools that run dependency checking?

I did this with ruby projects using batch audit, but I was not able to find a similar tool for php.

+5
1 answer

Well, there is the SecurityAdvisories Composer package from Roave (https://github.com/Roave/SecurityAdvisories), but the library reporting is fully consistent with the project. It checks the database from this repository: https://github.com/FriendsOfPHP/security-advisories

Many of the larger projects have their problems posted there, but since they are fairly voluntary, this may not be as widespread as you hope. Hope this helps.

+2
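To show what the check behind the answer's database amounts to, here is an added example (not code from the question, the answer, Roave or FriendsOfPHP) that matches composer.lock entries against advisories shaped like the FriendsOfPHP security-advisories YAML entries (a `reference: composer://vendor/name` and `branches` with `versions` constraint lists). The package names, versions and advisory are constructed sample data, the CVE is a placeholder, and only simple numeric versions with the operators `>=`, `<=`, `>`, `<`, `=` are handled.

```python
"""Match composer.lock packages against advisories in the FriendsOfPHP
security-advisories shape. Added example with constructed sample data."""
import json
import operator
import re

# Constructed sample: the relevant part of a composer.lock (hypothetical packages).
LOCK_JSON = json.dumps({"packages": [
    {"name": "acme/widgets", "version": "v2.0.3"},
    {"name": "acme/widgets-extra", "version": "1.4.0"},
]})

# Constructed advisory, shaped like a parsed FriendsOfPHP YAML entry.
ADVISORIES = [{
    "title": "Example XSS in widget renderer",
    "cve": "CVE-XXXX-PLACEHOLDER",          # placeholder, not a real id
    "reference": "composer://acme/widgets",  # hypothetical package
    "branches": {
        "2.0.x": {"versions": [">=2.0.0", "<2.0.7"]},
        "1.x": {"versions": [">=1.0.0", "<1.9.2"]},
    },
}]

OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt,
       "<": operator.lt, "=": operator.eq}

def parse_version(v):
    """'v2.0.3' -> (2, 0, 3); a leading 'v' and pre-release suffixes are dropped."""
    nums = [int(n) for n in re.findall(r"\d+", v.split("-")[0])]
    return tuple(nums + [0] * (3 - len(nums)))  # pad so '2.0' == '2.0.0'

def satisfies(version, constraints):
    """True if version meets every constraint of one advisory branch."""
    ver = parse_version(version)
    for c in constraints:
        m = re.match(r"(>=|<=|>|<|=)?\s*(.+)", c.strip())
        if not OPS[m.group(1) or "="](ver, parse_version(m.group(2))):
            return False
    return True

def audit(lock_json, advisories):
    """Return (package, installed version, advisory title) for each affected lock entry."""
    installed = {p["name"]: p["version"]
                 for p in json.loads(lock_json).get("packages", [])}
    hits = []
    for adv in advisories:
        name = adv["reference"][len("composer://"):]
        if name in installed and any(satisfies(installed[name], b["versions"])
                                     for b in adv["branches"].values()):
            hits.append((name, installed[name], adv["title"]))
    return hits

if __name__ == "__main__":
    for name, ver, title in audit(LOCK_JSON, ADVISORIES):
        print(f"{name} {ver}: {title}")
```

A real run would load the lock file from disk and the advisories from a checkout of the FriendsOfPHP repository with a YAML parser; the matching logic stays the same.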
