Composer Security will install a job that:
- Creates a list of composer.lock files;
- Checks each file for vulnerability issues;
- Sends a notification per email in case there is a problem.
Why is this important?
Are you 100% sure that all your Composer dependencies are safe? In case you are not, you can automate scanning all your project dependencies, so you don't have to think about it.
This package is open source (MIT), see https://github.com/a3020/composer_security.
It can be installed via Composer (composer require a3020/composer_security).
Read more in the FAQ.
Tested in PHP 5.6 and 7.1.
Works in concrete5 8.1 and up.