The Security Checker task checks the packages pinned in your composer.lock file against the list of known vulnerable versions maintained in roave/security-advisories. That package contains no code: its composer.json declares every known-vulnerable version range of other packages in its conflict section, so once it is installed Composer refuses to resolve a lock file that contains one of those versions, and the task fails the commit when it does. The task only knows about advisories that were published in the revision of roave/security-advisories you have installed, so update it regularly.
Composer
composer require --dev roave/security-advisories:dev-latest
More information about the library can be found on GitHub at https://github.com/Roave/SecurityAdvisories. The same check can be run by hand, without touching the installed packages, with composer update --dry-run roave/security-advisories.
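To make the mechanism concrete, here is an added example (written for this page, not GrumPHP's or Roave's code) that does by hand what Composer does when the advisories package is installed: it reads the packages pinned in a composer.lock file and matches their versions against a conflict map in the shape of the roave/security-advisories composer.json. The lock file contents, the package names (acme/widget, acme/router, acme/debugbar) and the version ranges are all constructed for illustration and are not real advisories. The matcher supports only the constraint subset those conflict rules use (comparison operators, "," for AND, "|" or "||" for OR) and treats a stability suffix such as -beta1 as its base version.

```python
"""Match composer.lock versions against Composer-style conflict ranges.

Constructed illustration of how roave/security-advisories flags a vulnerable
dependency; the lock file and the conflict map below are made up.
"""
import json
import operator
import re
from typing import Dict, List, Tuple

# Constructed composer.lock excerpt (not a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "acme/widget", "version": "v1.1.2"},
        {"name": "acme/router", "version": "2.0.4"},
    ],
    "packages-dev": [
        {"name": "acme/debugbar", "version": "0.9.0"},
    ],
})

# Constructed conflict map in the shape of the "conflict" section of
# roave/security-advisories' composer.json. Names and ranges are invented.
SAMPLE_CONFLICTS: Dict[str, str] = {
    "acme/widget": ">=1.0,<1.0.7|>=1.1,<1.1.3",
    "acme/router": ">=2.0,<2.0.4",
    "acme/debugbar": "<1.0",
}

_OPS = {
    "<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge,
    "=": operator.eq, "==": operator.eq, "!=": operator.ne,
}
# Longer operators must come first so "<=" is not read as "<" followed by "=".
_CLAUSE_RE = re.compile(r"^(<=|>=|!=|==|<|>|=)?\s*(.+)$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Normalise 'v1.2', '1.2.3' or '1.2.3-beta1' to a 4-part numeric tuple.

    Simplification: the stability suffix is dropped, so 1.2.3-beta1 compares
    equal to 1.2.3. Composer orders it lower; good enough for this demo.
    """
    base = re.split(r"[-+@]", version.lstrip("vV"), maxsplit=1)[0]
    parts = [int(p) for p in base.split(".")]
    parts += [0] * (4 - len(parts))
    return tuple(parts[:4])  # type: ignore[return-value]


def matches_constraint(version: str, constraint: str) -> bool:
    """True if `version` falls inside the Composer-style `constraint`.

    ',' joins clauses with AND; '|' or '||' separates alternatives (OR).
    No ^, ~ or wildcard support: advisory conflict rules use explicit ranges.
    """
    ver = parse_version(version)
    for alternative in re.split(r"\|\|?", constraint):
        satisfied = True
        for clause in alternative.split(","):
            clause = clause.strip()
            if not clause:
                continue
            match = _CLAUSE_RE.match(clause)
            if match is None:
                raise ValueError(f"unsupported constraint clause: {clause!r}")
            op = match.group(1) or "="
            if not _OPS[op](ver, parse_version(match.group(2))):
                satisfied = False
                break
        if satisfied:
            return True
    return False


def find_vulnerable(lock_json: str, conflicts: Dict[str, str],
                    include_dev: bool = True) -> List[Tuple[str, str, str]]:
    """Return (package, locked version, conflict range) for every hit.

    Dev packages are included by default because the pre-commit hook checks
    the whole lock file, exactly as Composer resolves it.
    """
    lock = json.loads(lock_json)
    installed = list(lock.get("packages", []))
    if include_dev:
        installed += lock.get("packages-dev", [])
    hits = []
    for pkg in installed:
        rule = conflicts.get(pkg["name"])
        if rule is not None and matches_constraint(pkg["version"], rule):
            hits.append((pkg["name"], pkg["version"], rule))
    return hits


if __name__ == "__main__":
    for name, version, rule in find_vulnerable(SAMPLE_LOCK, SAMPLE_CONFLICTS):
        print(f"{name} {version} conflicts with advisory range {rule}")
```

Note that acme/router 2.0.4 is not reported: the range is ">=2.0,<2.0.4", and the upper bound is exclusive, which is how advisory ranges express "fixed in 2.0.4". This is also why a lock file that has not changed can still become vulnerable: the lock is the same, but the conflict map grows with every new advisory.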
Config
The task lives under the securitychecker_roave namespace and has the following configurable parameters:
# grumphp.yml
grumphp:
    tasks:
        securitychecker_roave:
            jsonfile: ./composer.json
            lockfile: ./composer.lock
            run_always: false

jsonfile
Default: ./composer.json
If your composer.json file is located somewhere other than the project root, you can specify its location with this option. By default, the task will try to load a composer.json file in the current directory (the directory GrumPHP is run from). Composer needs this file alongside the lock file to resolve the conflict rules.
lockfile
Default: ./composer.lock
If your composer.lock file is located somewhere other than the project root, you can specify its location with this option. By default, the task will try to load a composer.lock file in the current directory (the directory GrumPHP is run from). This path is also what the task watches to decide whether it should run at all (see run_always).
run_always
Default: false
When this option is set to false, the task will only run when the composer.lock file is among the changed files of the commit. If it is set to true, the composer.lock file will be checked on every commit. Note that new advisories are published without your lock file changing, so with the default of false a dependency that becomes known-vulnerable after it was locked is not caught by the hook until the lock file is next touched. Either set run_always to true, or run the check on a schedule in CI, and in both cases keep roave/security-advisories itself updated (composer update roave/security-advisories), since the lock file pins the revision of the advisory list as well.