Public | Automated Build

Last pushed: a year ago
Short Description
Image to provide a report of PHP Security alerts, from a composer.lock file.
Full Description


The objective is to provide a quick report of known PHP security alerts, based on the contents from a given
composer.lock file, in an easy to use Docker image.

More specifically this image provides an easy interface to use:

  • sensiolabs/security-checker

IMPORTANT: This tool makes no claims of being an exhaustive reference of security issues. As such, it is
merely a tool to highlight possibilities, and should not be relied upon as a sole reference.


Windows users: The use of "$PWD" for present working directory will not work as expected, instead use the full path.
Such as "//c/Users/adamculp/project".

$ cd </path/to/desired/directory>
$ docker run -it --rm -v "$PWD":/app -w /app adamculp/php-security-checker:latest \
php /usr/local/lib/php-security-checker/vendor/bin/security-checker security:check \
./composer.lock  > ./security_check_results.txt

In the example above, Docker runs an interactive terminal to be removed when all is completed, and mounts
the current host directory ($PWD) inside the container, sets this as the current working directory, and then
loads the image adamculp/php-security-checker. Following this we call on security-checker to run the
security:check on the composer.lock in the current working directory, and finally, output the results
to a text file in the current working directory.

This is the most common use case, enabling the user to run the tool on a composer.lock file located anywhere
on the host system by altering the path used in the command.


Please star, on Docker Hub and/or Github, if you find this helpful.

Docker Pull Command
Source Repository