A Phing task for interacting with the SensioLabs Security Advisories Checker to check if your application uses dependencies with known security vulnerabilities.
The preferred way of installing
bitexpert/phing-securitychecker is through Composer. Add
bitexpert/phing-securitychecker as a dependency to
composer.phar require bitexpert/phing-securitychecker
Import the default build.xml to let Phing know about the Security Checker task:
<import file="vendor/bitexpert/phing-securitychecker/build.xml" />
If you imported the default build.xml, you are able to define the lock file path as well the as the webservice endpoint by defining two properties in your main build.xml file:
<property name="securitychecker.lockfile" value="composer.lock" /> <property name="securitychecker.endpoint" value="https://security.sensiolabs.org/check_lock" />
Or define the securitychecker task on your own:
<taskdef name="securitychecker" classname="bitExpert\Phing\SecurityChecker\SecurityCheckerTask" />
Call the task from your build target:
<securitychecker lockfile="composer.lock" />
phing-securitychecker is released under the Apache 2.0 license.