Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 9bee43c

Browse files
javiereguiluzjaviereguiluz
committed
Documented the security:check command
1 parent a51c623 commit 9bee43c

File tree

2 files changed

+34
-0
lines changed

2 files changed

+34
-0
lines changed

book/installation.rst

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -203,6 +203,19 @@ Symfony itself - into the ``vendor/`` directory.
203203
When passing ``relative`` instead of ``symlink`` to symfony-assets-install,
204204
the command will generate relative symlinks.
205205

206+
.. tip::
207+
208+
Once the dependencies of your project are installed, you can execute the
209+
following Symfony command to check whether they contain any know security
210+
vulnerability:
211+
212+
.. code-block:: bash
213+
214+
$ php app/console security:check
215+
216+
A good security practice is to execute this command regularly to be able to
217+
update or replace compromised dependencies as soon as possible.
218+
206219
Configuration and Setup
207220
~~~~~~~~~~~~~~~~~~~~~~~
208221

book/security.rst

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2055,6 +2055,26 @@ to work correctly. Just pass a file name to enable it::
20552055
You can also access a secure random instance directly from the Symfony
20562056
dependency injection container; its name is ``security.secure_random``.
20572057

2058+
Checking Dependencies Security
2059+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2060+
2061+
.. versionadded:: 2.6
2062+
The ``security:check`` command was introduced in Symfony 2.6.
2063+
2064+
When using lots of dependencies in your Symfony projects, odds are that some of
2065+
them contain security vulnerabilities. That's why Symfony includes a command
2066+
called ``security:check`` that checks whether any of your installed dependencies
2067+
contain a known security vulnerability:
2068+
2069+
.. code-block:: bash
2070+
2071+
$ php app/console security:check
2072+
2073+
A good security practice is to execute this command regularly to be able to
2074+
update or replace compromised dependencies as soon as possible. Internally,
2075+
this command uses the public `security advisories database`_ published by the
2076+
FriendsOfPHP organization.
2077+
20582078
Final Words
20592079
-----------
20602080

@@ -2088,3 +2108,4 @@ Learn more from the Cookbook
20882108
.. _`FOSUserBundle`: https://github.com/FriendsOfSymfony/FOSUserBundle
20892109
.. _`implement the \Serializable interface`: http://php.net/manual/en/class.serializable.php
20902110
.. _`Timing attack`: http://en.wikipedia.org/wiki/Timing_attack
2111+
.. _`security advisories database`: https://github.com/FriendsOfPHP/security-advisories

0 commit comments

Comments
 (0)