oneup / contao-security-checker-bundle
This check works by comparing the composer.lock against an open vulnerability database. A clean check does not mean there are absolutely no security problems whatsoever.
Installs: 4 138
Dependents: 0
Suggesters: 0
Security: 0
Stars: 8
Watchers: 4
Forks: 1
Open Issues: 3
Type:contao-bundle
Requires
- php: ^7.1
- ext-json: *
- contao/core-bundle: ^4.5
- doctrine/cache: ^1.6
- sensiolabs/security-checker: ^3.0 || ^4.0 || ^5.0
- symfony/event-dispatcher: ^3.0 || ^4.0
- symfony/http-foundation: ^3.0 || ^4.0
- symfony/swiftmailer-bundle: ^3.0 || ^4.0
- symfony/templating: ^3.0 || ^4.0
- symfony/translation: ^3.0 || ^4.0
- symfony/twig-bundle: ^3.0 | ^4.0
Requires (Dev)
- contao/manager-plugin: ^2.0
- php-http/guzzle6-adapter: ^1.1
README
Don't use this piece of software anymore as the underlying web service will stop working at the end of January 2021. Instead, use the Open-Source CLI tool that does the same locally, or use the Symfony CLI tool.
Contao Security Checker Bundle
This extension provides a way to automatically or manually check your installed vendor extensions and the Contao core against the open vulnerability database at FriendsOfPHP/security-advisories.
--
Features included:
- Perform the check regularly.
- Get an E-Mail if the audit failed in any way. (Or always get an email if a check was performed. Your choice.)
- Start the check manually.
- Suppress notifications for manually started checks.
--
Note: A clean check does not imply that there are no security problems present, it just means that the test against the underlying database reveiled nothing.
Documentation
Installation
Perform the following steps to install and use the basic functionality of the OneupUploaderBundle:
- Download the ContaoSecurityCheckerBundle using Composer
- Enable the bundle
- Configure the bundle
Step 1: Download the ContaoSecurityCheckerBundle
Add OneupUploaderBundle to your composer.json using the following construct:
$ composer require oneup/contao-security-checker-bundle "^0.4"
Composer will install the bundle to your project's vendor/oneup/contao-security-checker-bundle directory.
Step 2: Enable the bundle
Enable the bundle in the kernel:
<?php // app/AppKernel.php public function registerBundles() { $bundles = [ // ... new Oneup\Bundle\ContaoSecurityCheckerBundle\OneupContaoSecurityCheckerBundle(), ]; }
Enable the bundles api route:
# app/config/routing.yml oneup_contao_security_checker: prefix: /security-advisories resource: "@OneupContaoSecurityCheckerBundle/Resources/config/routing.yml" # ...
Step 3: Configure the bundle
Add this little configuration to your app/config/config.yml and adjust it to your needs.
# app/config/config.yml # OneupContaoSecurityChecker configuration oneup_contao_security_checker: enable_notifications: true suppress_manual_audits: false notify_only_failed_audits: true notification_email: your@email.here cron_cycle: daily enable_cron: true enable_api: false api_key: ~
Upgrade Notes
- Version 0.4.0 Added an API endpoint, per default disabled (see #7)
- Version 0.3.0 Added Contao Manager Plugin
- Version 0.2.0 Renamed Bundle (update/check your
app/config/config.yml) - Version 0.1.0 Initial release
License
This bundle is under the MIT license. See the complete license in the bundle.
Reporting an issue or a feature request
Issues and feature requests are tracked in the Github issue tracker.
When reporting a bug, it may be a good idea to reproduce it in a basic project built using the Contao Standard Edition to allow developers of the bundle to reproduce the issue by simply cloning it and following some steps.