Security Advisories Checker beta


Web Service / API

Instead of using the online tool, you can also check for vulnerabilities through a simple web service. Here is how you can use it with curl:

curl -H "Accept: text/plain" https://security.sensiolabs.org/check_lock -F lock=@/path/to/composer.lock

This will display any found vulnerabilities as plain text:

Security Report
===============

The checker detected 1 package(s) that have known* vulnerabilities in
your project. We recommend you to check the related security advisories
and upgrade these dependencies.

symfony/symfony (2.1.x-dev)
---------------------------

CVE-2013-1397: Ability to enable/disable object support in YAML parsing and dumping
               https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released

* Disclaimer: This checker can only detect vulnerabilities that are referenced
              in the security advisories database.
              https://github.com/FriendsOfPHP/security-advisories

If you want to integrate the tool in your own workflow, the number of alerts is stored in the X-Alerts HTTP header.
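
One way to use that header as a build gate, as an added example that is not code from the checker project: the function names and the sample header dumps are constructed, and a missing or non-numeric X-Alerts value is treated as a failure instead of a clean result.

```shell
#!/bin/sh
# Added example, not the checker project's code. Function names and the
# sample header dumps are constructed for illustration.

# Print the X-Alerts value found in a header dump saved with `curl -D FILE`.
# Names match case-insensitively, CRs are stripped, the last value wins.
alerts_from_headers() {
    tr -d '\r' < "$1" | awk -F': *' '
        tolower($1) == "x-alerts" { v = $2; gsub(/[ \t]+/, "", v) }
        END { if (v != "") print v }'
}

# Status: 0 = no alerts, 1 = alerts reported, 2 = header missing or not a number.
# Status 2 fails closed: an error page or proxy reply is not a clean report.
gate() {
    n=$(alerts_from_headers "$1")
    case "$n" in
        ''|*[!0-9]*) echo "no usable X-Alerts header in $1" >&2; return 2 ;;
        0) return 0 ;;
        *) echo "$n alert(s) reported" >&2; return 1 ;;
    esac
}

# Run gate and print its status instead of returning it (safe under set -e).
status_of() {
    s=0
    gate "$1" 2>/dev/null || s=$?
    echo "$s"
}

# Real use, needs network, not called by the demo below:
#   check_lock composer.lock headers.txt report.txt && gate headers.txt
check_lock() {
    curl -sS -D "$2" -o "$3" -H "Accept: text/plain" \
        https://security.sensiolabs.org/check_lock -F "lock=@$1"
}

# Constructed header dumps: one alert, no alerts, and an upstream error.
make_samples() {
    d=$(mktemp -d)
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nX-Alerts: 1\r\n\r\n' > "$d/vuln"
    printf 'HTTP/1.1 200 OK\r\nx-alerts: 0\r\n\r\n' > "$d/clean"
    printf 'HTTP/1.1 502 Bad Gateway\r\nContent-Type: text/html\r\n\r\n' > "$d/error"
    echo "$d"
}

d=$(make_samples)
for f in vuln clean error; do echo "$f -> status $(status_of "$d/$f")"; done
rm -rf "$d"
```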

You can also get a JSON representation of the vulnerabilities:

curl -H "Accept: application/json" https://security.sensiolabs.org/check_lock -F lock=@/path/to/composer.lock

It will return something like the following:

{
    "symfony\/symfony": {
        "version": "2.1.x-dev",
        "advisories": {
            "symfony\/symfony\/CVE-2013-1397.yaml": {
                "title": "Ability to enable\/disable object support in YAML parsing and dumping",
                "link": "http:\/\/symfony.com\/blog\/security-release-symfony-2-0-22-and-2-1-7-released",
                "cve": "CVE-2013-1397"
            }
        }
    }
}