Check your server’s composer files for known PHP vulnerabilities

The Sensio people have made some cool stuff, including the SensioLabs Security Checker. You can use it via Composer, but you can also download a PHAR file and scan your entire server.

wget http://get.sensiolabs.org/security-checker.phar -O ~/security-checker.phar
find /var/www -type f -name "composer.lock" -exec php ~/security-checker.phar security:check {} \;
Symfony Security Check Report
=============================

// Checked file: /var/www/XYZ/ABC/composer.lock
[OK] No packages have known vulnerabilities.
 ! [NOTE] This checker can only detect vulnerabilities that are referenced in the SensioLabs security advisories
 !        database. Execute this command regularly to check the newly discovered vulnerabilities.
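
The note above says to run the check regularly. The wrapper below is an added example (not from the original post or from SensioLabs) that scans every composer.lock under a root and returns non-zero if any check fails, so it can be run from cron. It assumes the checker exits non-zero when it reports a vulnerable package; `scan_lockfiles` and the `CHECKER` variable are names made up for this example.

```shell
#!/bin/sh
# Added example: per-file pass/fail summary for all composer.lock files.
# CHECKER is the command run against each lock file. It is split on
# whitespace, so the path to the PHAR must not contain spaces.
CHECKER=${CHECKER:-"php $HOME/security-checker.phar security:check"}

# scan_lockfiles ROOT
# Prints "OK <path>" or "FAIL <path>" for every composer.lock under ROOT.
# FAIL means the checker exited non-zero (assumed: a vulnerable package was
# reported, or the check itself could not be completed).
# Returns 0 when every file passed, 1 when at least one failed.
scan_lockfiles() {
    root=$1
    # "-exec ... {} +" hands the paths over as arguments, so directory
    # names containing spaces are passed through intact.
    report=$(find "$root" -type f -name composer.lock -exec sh -c '
        checker=$1; shift
        for lock in "$@"; do
            if $checker "$lock" >/dev/null 2>&1; then
                echo "OK $lock"
            else
                echo "FAIL $lock"
            fi
        done
    ' sh "$CHECKER" {} +)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
    fi
    if printf '%s\n' "$report" | grep -q '^FAIL '; then
        return 1
    fi
    return 0
}

# Run directly as: sh scan-locks.sh /var/www
if [ "$#" -gt 0 ]; then
    scan_lockfiles "$1"
fi
```

From cron, the non-zero status and the FAIL lines are what you alert on; rerun the checker by hand on a failing file to see the full report.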
