security-checker

TLDR

Check project

$ security-checker security:check

Check specific file

$ security-checker security:check [composer.lock]

Output as JSON

$ security-checker security:check --format=json

Check with end-of-life

$ security-checker security:check --end-point=[url]

SYNOPSIS

security-checker security:check [--format fmt] [options] [lockfile]

security-checker audits PHP dependencies. It finds known vulnerabilities.
Checks composer.lock file. Analyzes installed packages.
Uses FriendsOfPHP database. Known vulnerability list.
CI/CD integration ready. Exit codes for automation.
Multiple output formats. JSON for parsing.

PARAMETERS

security:check

Check for vulnerabilities.

--format FMT

Output format (text, json, yaml).

--end-point URL

Custom vulnerability DB.

--timeout SEC

Request timeout.

-v

Verbose output.

CAVEATS

PHP/Composer specific. Database may lag. Network required.

HISTORY

security-checker was created by SensioLabs (Symfony) to check PHP project dependencies for known security vulnerabilities.