Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SF4 - Command "security:check" is not defined #9612

Closed
wants to merge 1 commit into from
Closed

SF4 - Command "security:check" is not defined #9612

wants to merge 1 commit into from

Conversation

wasbait
Copy link

@wasbait wasbait commented Apr 17, 2018

In a project using SF4, security:check command is undefined, we have to use bin/security-checker to execute this command.

@wasbait
SF4 - Command "security:check" is not defined
3e35b63 
In a project using SF4, security:check command is undefined, we have to use bin/security-checker to execute this command.
@javiereguiluz
Copy link
Member

I've just verified this and I can't reproduce it:

$ composer create-project symfony/skeleton my_project
$ cd my_project/
$ composer require security-checker
$ ./bin/console security:check

Symfony Security Check Report
=============================

 // Checked file: /Users/javier/Desktop/my_project/composer.lock

 [OK] No packages have known vulnerabilities.

@wasbait @oallain how can you reproduce the error? Thanks!

@wasbait
Copy link
Author

wasbait commented Apr 18, 2018

Ok, I think I understood.
By default, when creating the project, the environment is DEV, and there is a security_checker.yaml configuration file, but in my case, I also use it in a CI environment and I think it would be nice to update the documentation either by using bin / security-checker or by adding this configuration information.
What do you think ?

@xabbuh
Copy link
Member

xabbuh commented Apr 18, 2018

Can you explain why that is different in your CI environment from what you have during development?

@wasbait
Copy link
Author

wasbait commented Apr 18, 2018

on my CI environment, my application runs with an APP_ENV = CI and following the instructions in the documentation it will not work.
I agree that a good DEV will not need explanations to solve this little problem but, i find it useful to complete the documentation to explain that by following the instructions, it is necessary to remain in env of development so that it functions as described.
If we change the environment, for some reason, we would have to either change the configuration files or use bin / security-checker security: check.

@javiereguiluz javiereguiluz mentioned this pull request Apr 23, 2018
Merged
@javiereguiluz
Copy link
Member

@wasbait I think you are right and I don't understand why we limit this command to the dev environment only. I've proposed a change in the related recipe of the security checker. See symfony/recipes#402.

@javiereguiluz
Copy link
Member

I'm glad to say that the Symfony Flex recipe of the Security Checker has been modified to allow running this command in any environment (symfony/recipes#402).

We must close this as "no longer need to fix it" ... but I want to thank @wasbait for opening this issue. Thanks to your comments we've improved Symfony for the entire community 😃 Cheers!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oallain oallain oallain approved these changes

Assignees
No one assigned
Labels
Status: Needs Review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@wasbait @javiereguiluz @xabbuh @oallain @carsonbot