Skip to content

Commit 7f3fb71

Browse files
javiereguiluzjaviereguiluz
committed
Documented the security:check command
1 parent cad4d3f commit 7f3fb71

File tree

2 files changed

+33
-0
lines changed

2 files changed

+33
-0
lines changed

book/installation.rst

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -296,6 +296,18 @@ them all at once:
296296
Depending on the complexity of your project, this update process can take up to
297297
several minutes to complete.
298298

299+
.. tip::
300+
301+
Symfony provides a command to check whether your project's dependencies
302+
contain any know security vulnerability:
303+
304+
.. code-block:: bash
305+
306+
$ php app/console security:check
307+
308+
A good security practice is to execute this command regularly to be able to
309+
update or replace compromised dependencies as soon as possible.
310+
299311
.. _installing-a-symfony2-distribution:
300312

301313
Installing a Symfony Distribution

book/security.rst

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2055,6 +2055,26 @@ to work correctly. Just pass a file name to enable it::
20552055
You can also access a secure random instance directly from the Symfony
20562056
dependency injection container; its name is ``security.secure_random``.
20572057

2058+
Checking Dependencies Security
2059+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2060+
2061+
.. versionadded:: 2.6
2062+
The ``security:check`` command was introduced in Symfony 2.6.
2063+
2064+
When using lots of dependencies in your Symfony projects, odds are that some of
2065+
them contain security vulnerabilities. That's why Symfony includes a command
2066+
called ``security:check`` that checks whether any of your installed dependencies
2067+
contain a known security vulnerability:
2068+
2069+
.. code-block:: bash
2070+
2071+
$ php app/console security:check
2072+
2073+
A good security practice is to execute this command regularly to be able to
2074+
update or replace compromised dependencies as soon as possible. Internally,
2075+
this command uses the public `security advisories database`_ published by the
2076+
FriendsOfPHP organization.
2077+
20582078
Final Words
20592079
-----------
20602080

@@ -2088,3 +2108,4 @@ Learn more from the Cookbook
20882108
.. _`FOSUserBundle`: https://github.com/FriendsOfSymfony/FOSUserBundle
20892109
.. _`implement the \Serializable interface`: http://php.net/manual/en/class.serializable.php
20902110
.. _`Timing attack`: http://en.wikipedia.org/wiki/Timing_attack
2111+
.. _`security advisories database`: https://github.com/FriendsOfPHP/security-advisories

0 commit comments

Comments
 (0)