• Stars
    star
    2,694
  • Rank 16,945 (Top 0.4 %)
  • Language
  • License
    MIT License
  • Created about 10 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

🔐 Security advisories as a simple composer exclusion list, updated daily

Roave Security Advisories

A message to Russian 🇷🇺 people

If you currently live in Russia, please read this message.

SWUbanner

Purpose

Hourly build Downloads

This package ensures that your application doesn't have installed dependencies with known security vulnerabilities.

Installation

composer require --dev roave/security-advisories:dev-latest

Usage

This package does not provide any API or usable classes: its only purpose is to prevent installation of software with known and documented security issues. Simply add "roave/security-advisories": "dev-latest" to your composer.json "require-dev" section and you will not be able to harm yourself with software with known security vulnerabilities.

For example, try following:

composer require --dev roave/security-advisories:dev-latest
# following commands will fail:
composer require symfony/symfony:2.5.2
composer require zendframework/zendframework:2.3.1 

The checks are only executed when adding a new dependency via composer require or when running composer update: deploying an application with a valid composer.lock and via composer install won't trigger any security versions checking.

You can manually trigger a version check by using the --dry-run switch on an update while not doing anything. Running composer update --dry-run roave/security-advisories is an effective way to manually trigger a security version check.

roave/security-advisories for enterprise

Available as part of the Tidelift Subscription.

The maintainers of roave/security-advisories and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.

You can also contact us at [email protected] for looking into security issues in your own project.

Stability

This package can only be required in its dev-latest version: there will never be stable/tagged versions because of the nature of the problem being targeted. Security issues are in fact a moving target, and locking your project to a specific tagged version of the package would not make any sense.

This package is therefore only suited for installation in the root of your deployable project.

Sources

This package extracts information about existing security issues in various composer projects from the FriendsOfPHP/security-advisories repository and the GitHub Advisory Database.

More Repositories

1

BetterReflection

🔮 Better Reflection is a reflection API that aims to improve and provide more features than PHP's built-in reflection API.
PHP
1,176
star
2

BackwardCompatibilityCheck

🆎 Tool to compare two revisions of a class API to check for BC breaks
PHP
568
star
3

no-leaks

🚰 PHPUnit Plugin for detecting Memory Leaks in code and tests
PHP
496
star
4

Dont

🚫 Small set of defensive programming utilities/traits for PHP
PHP
400
star
5

StrictPhp

🚫 ✨ ❗ AOP-based strict type checks for PHP
PHP
261
star
6

you-are-using-it-wrong

🚔 Type check enforcement for library authors: enforces type-safety downstream
PHP
237
star
7

no-floaters

🔎 static analysis rules to prevent IEEE-754 floating point errors
PHP
207
star
8

FunctionFQNReplacer

PHP
158
star
9

infection-static-analysis-plugin

✅ 🐲 Static analysis on top of mutation testing - prevents escaped mutants from being invalid according to static analysis
PHP
121
star
10

psr-container-doctrine

Doctrine Factories for PSR-11 Containers
PHP
95
star
11

shorty

An asynchronous SMPP client and server built on Node.js. Shorty is sponsored and maintained by SMS Cloud, a subsidiary of Roave
JavaScript
92
star
12

DoctrineSimpleCache

Doctrine Cache adapter for PSR-16 Simple Cache
PHP
57
star
13

DocbookTool

📚 Docbook Tool for static documentation generation from Markdown files
PHP
53
star
14

Signature

✒️ Generate and verify basic signature for classes
PHP
43
star
15

behat-psr11extension

PSR-11 Container extension for Behat
PHP
40
star
16

composer-gpg-verify

🔐 📦 composer plugin to enforce GPG signatures on downloaded GIT composer packages
PHP
39
star
17

zf2-for-1

Enables using Zend Framework 2 features in a Zend Framework 1 application.
PHP
34
star
18

RoaveDeveloperTools

A PHP application visualization/debugging tool for ZendFramework/Symfony
PHP
29
star
19

psalm-html-output

Psalm HTML output format
XSLT
21
star
20

issues

Dead simple issue tracker (think standalone Github issues clone)
PHP
19
star
21

billing

open source php billing and invoicing
PHP
16
star
22

EmailTemplates

PHP
14
star
23

SecurityAdvisoriesBuilder

🔨 Build tools responsible for assembling https://github.com/Roave/SecurityAdvisories/blob/master/composer.json
PHP
10
star
24

RoaveDbCriteria

Use Doctrine Collections expressions with Zend\Db\Sql for smart criteria / filtering / query building.
PHP
6
star
25

NonceUtility

PHP
5
star
26

Assistant

Browser-based virtual assistant framework.
JavaScript
5
star
27

LaravelInfinidash

AWS Infinidash integration for Laravel applications
4
star
28

MtdTimeTracker

Simple time tracker
PHP
4
star
29

zf1-migration

Enables using newer Zend Framework features in a Zend Framework 1 application for easier migration.
PHP
3
star
30

tickets

Ticket thingy
PHP
2
star
31

roave.github.io

The Roave website.
JavaScript
2
star
32

roave.com

Roave.com website
CSS
2
star
33

DPC-Tutorial

ZF2 DPC Tutorial
PHP
2
star
34

Phlam

PHP Lambda runnner for running functions as a service on AWS
2
star
35

RoaveBot

Out little IRC campanion for #roave on Freenode.
CoffeeScript
2
star
36

RoaveTrack

This repository will somehow solve all of Roave's operational needs one day.
1
star
37

Realpath

Realpath, yo!
PHP
1
star
38

smscloud-shorty

Shorty implementation used by SMS Cloud in production.
JavaScript
1
star
39

roave.com-gh

New design for Roave.com
1
star
40

RoaveCast

Experiment(s) in real-time video/audio broadcasting to browsers.
1
star
41

demo-automatic-releases

Nothing to see here: we're just playing with github hooks
1
star