Commit
Activate composer audit by default (instead of roave security advisories)
veewee committed May 17, 2024
1 parent 87b8fe3 commit f7cb092
Showing 2 changed files with 19 additions and 9 deletions.
22 changes: 17 additions & 5 deletions README.md
@@ -30,18 +30,30 @@ composer recipes
composer recipes:install THE/DEPENDENCY --force -v
```

### roave/security-advisories

```bash
composer require --dev roave/security-advisories:dev-master
```
### composer audit (security-advisories)

```yaml
# grumphp.yaml
parameters:
run_security_advisories: true
```
You might want to alter the default composer audit configuration in your local composer.json file.
For example if you don't want to fail CI on usage of abandoned packages:
```json
{
"config": {
"audit": {
"abandoned": "report"
}
}
}
```

[See official docs for more information.](https://getcomposer.org/doc/06-config.md#audit)

### phpstan/phpstan

```bash
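Review bot: the README snippet still tells users to set `run_security_advisories: true` in their own config, but this same commit flips that parameter to `true` in `grumphp-convention.yml`, so the documented step is now a no-op; rewrite the `composer audit (security-advisories)` section to say the audit runs by default and show `run_security_advisories: false` as the opt-out instead. Two smaller points in the same hunk: the comment `# grumphp.yaml` names a different file than the `grumphp-convention.yml` shipped here, so confirm which filename users are expected to create, and the `"abandoned": "report"` example would benefit from one sentence noting that it only relaxes the abandoned-package check while known vulnerabilities still fail the run.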
6 changes: 2 additions & 4 deletions grumphp-convention.yml
@@ -3,7 +3,7 @@ parameters:
stop_on_first_failure: false
run_phpstan: false
run_psalm: false
run_security_advisories: false
run_security_advisories: true
grumhp_exec_command: kevin app php
phpstan.level: "max"
phpunit.parallel: true
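Review bot: changing `run_security_advisories` from `false` to `true` changes behaviour for every project that inherits this convention without overriding the parameter: they will now run `composer audit` (a network call against the advisory database) on each GrumPHP run and fail on any reported advisory, so this deserves a changelog entry and a note on how to opt out. Unrelated to this change, the context line `grumhp_exec_command` reads like a typo for `grumphp_exec_command`; worth a follow-up.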
@@ -61,9 +61,7 @@ grumphp:
phpcsfixer:
config: ".php-cs-fixer.php"
config_contains_finder: true
securitychecker_roave:
jsonfile: ./composer.json
lockfile: ./composer.lock
securitychecker_composeraudit:
run_always: true
metadata:
enabled: "%run_security_advisories%"
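Review bot: `run_always: true` on `securitychecker_composeraudit` makes the task run even when neither `composer.json` nor `composer.lock` is among the staged files, so every pre-commit hook will perform the audit (and need network access) rather than only when dependencies change; confirm that is intended, or drop `run_always` so the task is triggered by the relevant files, as the removed `securitychecker_roave` block effectively did via its explicit `jsonfile` / `lockfile` options.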
