security-checker

Check project

$ security-checker security:check

$ security-checker security:check [composer.lock]

$ security-checker security:check --format=json

$ security-checker security:check --end-point=[url]

security-checker security:check [--format fmt] [options] [lockfile]

security-checker audits PHP project dependencies for known security vulnerabilities by analyzing the composer.lock file against the FriendsOfPHP security advisories database. It identifies installed packages with published CVEs or security issues.
The tool returns a non-zero exit code when vulnerabilities are found, making it suitable for CI/CD pipeline integration as a gate check. Output is available in text, JSON, and YAML formats for both human review and programmatic processing by other tools.

security:check

Check for vulnerabilities.

Output format (text, json, yaml).

Custom vulnerability DB.

Request timeout.

Verbose output.

PHP/Composer specific. Database may lag. Network required.

security-checker was created by SensioLabs (Symfony) to check PHP project dependencies for known security vulnerabilities.

composer(1), npm-audit(1), snyk(1)