@@ -146,37 +146,28 @@ jobs:
146146 - name : Run security checks
147147 run : |
148148 set -e
149-
150- composer audit --no-interaction --format=json > composer-audit.json || AUDIT_EXIT=$?
151-
149+
150+ composer audit --no-interaction --format=json > composer-audit.json || true
151+
152152 IGNORED=$(jq -r '.config.audit.ignore[]?' composer.json | sort || true)
153-
154- if [ "${AUDIT_EXIT:-0}" -ne 0 ]; then
155- FOUND=$(jq -r '
156- # Collect CVEs from both advisories and ignored-advisories
157- (.advisories[]?.advisories[]?.cve? // empty),
158- (.["ignored-advisories"][]?[]?.cve? // empty)
159- ' composer-audit.json | sort | uniq)
160-
161- DIFF=$(comm -23 <(echo "$FOUND") <(echo "$IGNORED"))
162-
163- if [ -n "$DIFF" ]; then
164- echo "❌ New vulnerabilities found by Composer audit:"
165- echo "$DIFF"
166- exit 1
167- else
168- echo "✅ No new vulnerabilities found by Composer audit."
169- fi
153+
154+ # Composer audit: check active advisories only
155+ FOUND=$(jq -r '(.advisories[]?.cve? // empty)' composer-audit.json | sort | uniq)
156+ DIFF=$(comm -23 <(echo "$FOUND") <(echo "$IGNORED"))
157+
158+ if [ -n "$DIFF" ]; then
159+ echo "❌ New vulnerabilities found by Composer audit:"
160+ echo "$DIFF"
161+ exit 1
170162 else
171163 echo "✅ No new vulnerabilities found by Composer audit."
172164 fi
173-
165+
174166 symfony security:check --format=json > symfony-audit.json || true
175-
167+
176168 FOUND=$(jq -r '.[]?.advisories[]?.cve? // empty' symfony-audit.json | sort | uniq)
177-
178169 DIFF=$(comm -23 <(echo "$FOUND") <(echo "$IGNORED"))
179-
170+
180171 if [ -n "$DIFF" ]; then
181172 echo "❌ New vulnerabilities found by Symfony security:check:"
182173 echo "$DIFF"
0 commit comments