name: 'The PHP Security Checker'
description: 'Checks composer.json for known vulnerabilities in your package dependencies'
branding:
    icon: 'umbrella'
    color: 'gray-dark'
inputs:
    lock:
        description: 'The path to composer.lock is stored (root directory by default)'
        required: false
        default: './composer.lock'
    format:
        description: 'The output format (ansi by default, supported: ansi, junit, markdown, json, or yaml)'
        required: false
        default: ansi
    disable-exit-code:
        description: 'Whether to continue when issues are detected (false by default)'
        required: false
        default: 0
outputs:
    vulns:
        description: 'The detected vulnerabilities as JSON'
runs:
    using: 'docker'
    image: 'docker://ghcr.io/symfony-cli/symfony-cli:v5'
    args:
        - "security:check"
        - "--format"
        - ${{ inputs.format }}
        - "--dir"
        - ${{ inputs.lock }}
        - "--disable-exit-code=${{ inputs.disable-exit-code }}"