Preventing Installing Composer Dependencies with Known Security Vulnerabilities

This page summarizes the projects mentioned and recommended in the original post on dev.to
Laravel PHP Static Analysis security-advisories dynamic-analysis

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • SecurityAdvisories

    :closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily

    • To reduce the chance of introducing vulnerable dependencies into your projects, you can use tools such as "Roave Security Advisories" (roave/security-advisories).

  • enlightn

    Your performance & security consultant, an artisan command away.

    • There are other tools out there, such as Enlightn and Dependabot, that help you to detect dependencies in your project with security vulnerabilities. But I'd like to think of these types of tools more as being "reactive". By that, I mean that they can alert you of vulnerable dependencies after you've installed them in your project. This can result in you introducing potential security holes into your applications without being aware at first. This is by no means a discredit to any of these types of tools though. Vulnerabilities are always being discovered in frameworks, packages, and libraries. So being able to detect them is a great way to stay on top of your project's security.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts