Security Advisories Checker beta


Web Service / API

Instead of using the online tool, you can also check for vulnerabilities through a simple web service. Here is how you can use it with curl:

curl -H "Accept: text/plain" https://security.sensiolabs.org/check_lock -F lock=@/path/to/composer.lock

This will display any found vulnerabilities as plain text:

Security Report
===============

The checker detected 1 package(s) that have known* vulnerabilities in
your project. We recommend you to check the related security advisories
and upgrade these dependencies.

symfony/symfony (2.1.x-dev)
---------------------------

CVE-2013-1397: Ability to enable/disable object support in YAML parsing and dumping
               https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released

* Disclaimer: This checker can only detect vulnerabilities that are referenced
              in the SensioLabs security advisories database.

If you want to integrate the tool in your own workflow, the number of alerts is stored in the X-Alerts HTTP header.
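
One way to use the X-Alerts header as a build gate, shown as an added example that is not part of the original page or the checker's own code. The function names and the exit-status convention are assumptions, and the header dump at the end is constructed sample data.

```shell
#!/bin/sh
# Added example: gate a build on the X-Alerts response header.
# Real use (curl's -D option writes the response headers to a file):
#   curl -sS -D headers.txt -o report.txt -H "Accept: text/plain" \
#        https://security.sensiolabs.org/check_lock -F lock=@/path/to/composer.lock
#   gate_on_alerts headers.txt || exit 1

# Print the X-Alerts value found in a header dump.
# Returns non-zero if the header is absent or is not a plain integer.
alerts_from_headers() {
    # Header names are case-insensitive and lines end in CRLF. A dump can hold
    # several response blocks (e.g. an interim response), so keep the last match.
    value=$(tr -d '\r' < "$1" | awk -F': *' '
        tolower($1) == "x-alerts" { v = $2; gsub(/[ \t]/, "", v) }
        END { if (v != "") print v }')
    case "$value" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$value"
}

# Exit status: 0 = no alerts, 1 = alerts reported,
# 2 = count could not be determined (fail closed, never treated as zero).
gate_on_alerts() {
    count=$(alerts_from_headers "$1") || {
        echo "X-Alerts header missing or invalid; treating the check as failed" >&2
        return 2
    }
    if [ "$count" -gt 0 ]; then
        echo "$count package alert(s) reported by the checker" >&2
        return 1
    fi
    return 0
}

# Constructed sample: a header dump for a response reporting one alert.
sample=$(mktemp)
printf 'HTTP/1.1 100 Continue\r\n\r\nHTTP/1.1 200 OK\r\nX-Alerts: 1\r\n\r\n' > "$sample"
gate_on_alerts "$sample" || echo "build would be blocked (status $?)"
rm -f "$sample"
```

A missing header (for example an error page from a proxy) yields status 2 rather than 0, so a failed request cannot pass as a clean report.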

You can also get a JSON representation of the vulnerabilities:

curl -H "Accept: application/json" https://security.sensiolabs.org/check_lock -F lock=@/path/to/composer.lock

It will return something like the following:

{
    "symfony\/symfony": {
        "version": "2.1.x-dev",
        "advisories": {
            "symfony\/symfony\/CVE-2013-1397.yaml": {
                "title": "Ability to enable\/disable object support in YAML parsing and dumping",
                "link": "http:\/\/symfony.com\/blog\/security-release-symfony-2-0-22-and-2-1-7-released",
                "cve": "CVE-2013-1397"
            }
        }
    }
}