As Marco Pivetta has mentioned in his latest post to his site, Roave has released a tool for use with Composer that helps prevent vulnerable versions of software from even being installed (based on the data from the security-advisories data from FriendsOfPHP).
Since it's almost christmas, it's also time to release a new project! The Roave Team is pleased to announce the release of roave/security-advisories, a package that keeps known security issues out of your project.
The tool makes use of a "conflict" metapackage, mentioned in the Composer spec, and fails when the software and version is listed in the FriendsOfPHP information. This integration with Composer means that there's no need to run a separate tool for the checks to be made. It's integrated into the workflow and will dynamically fail without the need for you to update anything.
Link: http://ocramius.github.io/blog/roave-security-advisories-protect-against-composer-packages-with-security-issues/
没有评论:
发表评论