1 file changed +7 -13 lines changed
@@ -146,18 +146,13 @@ jobs:
146146 - name : Run security checks
147147 run : |
148148 set -e
149-
149+
150150 composer audit --no-interaction --format=json > composer-audit.json || AUDIT_EXIT=$?
151-
151+
152152 IGNORED=$(jq -r '.config.audit.ignore[]?' composer.json | sort || true)
153-
153+
154154 if [ "${AUDIT_EXIT:-0}" -ne 0 ]; then
155- FOUND=$(jq -r '
156- # Collect CVEs from both advisories and ignored-advisories
157- (.advisories[]?.advisories[]?.cve? // empty),
158- (.["ignored-advisories"][]?[]?.cve? // empty)
159- ' composer-audit.json | sort | uniq)
160-
155+ FOUND=$(jq -r '(.advisories[]?.cve? // empty)' composer-audit.json | sort | uniq)
161156 DIFF=$(comm -23 <(echo "$FOUND") <(echo "$IGNORED"))
162157
163158 if [ -n "$DIFF" ]; then
@@ -170,13 +165,12 @@ jobs:
170165 else
171166 echo "✅ No new vulnerabilities found by Composer audit."
172167 fi
173-
168+
174169 symfony security:check --format=json > symfony-audit.json || true
175-
170+
176171 FOUND=$(jq -r '.[]?.advisories[]?.cve? // empty' symfony-audit.json | sort | uniq)
177-
178172 DIFF=$(comm -23 <(echo "$FOUND") <(echo "$IGNORED"))
179-
173+
180174 if [ -n "$DIFF" ]; then
181175 echo "❌ New vulnerabilities found by Symfony security:check:"
182176 echo "$DIFF"
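Review bot: The new `FOUND=` line in the first hunk lets the step fail open: every path in the jq filter is optional and `// empty` drops advisories whose `cve` is null, so a non-zero `AUDIT_EXIT` with nothing extracted gives an empty `DIFF` and the `[ -n "$DIFF" ]` failure branch is skipped. If `composer audit --format=json` groups advisories per package (an object of lists, which is the layout I would expect; confirm against a sample `composer-audit.json`), `.advisories[]?.cve?` matches nothing and the filter needs the second level, `jq -r '.advisories[]?[]?.cve? // empty'`. Either way, fail closed right after the assignment when the audit reported a problem but no identifier was parsed, e.g. `[ -n "$FOUND" ] || { echo "composer audit failed but no CVE ids were parsed"; exit 1; }`. The Symfony `FOUND=` line in the second hunk has the same null-CVE gap, and there `|| true` also hides a failed run of the checker. The `if` block continues between the two hunks, so the lines that act on `DIFF` are not visible here.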