Merge branch '3.4' into 4.2

javiereguiluz · javiereguiluz · commit af16b40bff4c · 2019-04-16T13:09:24.000+02:00
* 3.4:
  Switch the security-check to the Symfony client one
diff --git a/security/security_checker.rst b/security/security_checker.rst
@@ -5,28 +5,19 @@ How to Check for Known Security Vulnerabilities in Your Dependencies
 ====================================================================
 
 When using lots of dependencies in your Symfony projects, some of them may
-contain security vulnerabilities. That's why Symfony provides a command called
-``security:check`` that checks your ``composer.lock`` file to find any known
-security vulnerability in your installed dependencies.
-
-First, install the security checker in your project:
-
-.. code-block:: terminal
-
-    # require at least the 5.0 version of the package because older versions
-    # checked the security vulnerabilities using a URL that is no longer available
-    $ composer require sensiolabs/security-checker:^5.0
-
-Then run this command:
+contain security vulnerabilities. That's why the :doc:`Symfony local server </setup/symfony_server>`
+includes a command called ``security:check`` that checks your ``composer.lock``
+file to find known security vulnerabilities in your installed dependencies:
 
 .. code-block:: terminal
 
-    $ php bin/console security:check
+    $ symfony security:check
 
 A good security practice is to execute this command regularly to be able to
-update or replace compromised dependencies as soon as possible. Internally,
-this command uses the public `security advisories database`_ published by the
-FriendsOfPHP organization.
+update or replace compromised dependencies as soon as possible. The security
+check is done locally by cloning the `security advisories database`_ published
+by the FriendsOfPHP organization, so your ``composer.lock`` file is not sent on
+the network.
 
 .. tip::
 
@@ -35,11 +26,4 @@ FriendsOfPHP organization.
     This way you can add it to your project build process and your continuous
     integration workflows to make them fail when there are vulnerabilities.
 
-.. tip::
-
-    The security checker is also available as an independent console application
-    and distributed as a PHAR file so you can use it in any PHP application.
-    Check out the `Security Checker repository`_ for more details.
-
 .. _`security advisories database`: https://github.com/FriendsOfPHP/security-advisories
-.. _`Security Checker repository`: https://github.com/sensiolabs/security-checker
