
Commit 9a31473

minor #16409 Revert changes related to check:security command (javiereguiluz)
This PR was merged into the 4.4 branch.

Discussion
----------

Revert changes related to check:security command

This reverts #16356 because the `check:security` command has been re-added in symfony-cli/symfony-cli#46

Commits
-------

b140895 Revert changes related to check:security command
2 parents 9064cdc + b140895 commit 9a31473


1 file changed: +17 -8 lines changed


setup.rst

Lines changed: 17 additions & 8 deletions
@@ -224,21 +224,30 @@ require --no-unpack ...`` option to disable unpacking.
224224
Checking Security Vulnerabilities
225225
---------------------------------
226226

227-
A good and recommended security practice is to check from time to time whether your
228-
project's dependencies contain any known security vulnerabilities. You can leverage the
229-
`Local PHP Security Checker`_ to do so.
227+
The ``symfony`` binary created when you `install Symfony CLI`_ provides a command
228+
to check whether your project's dependencies contain any known security
229+
vulnerability:
230230

231-
You can also execute this process regularly to be able to
231+
.. code-block:: terminal
232+
233+
$ symfony check:security
234+
235+
A good security practice is to execute this command regularly to be able to
232236
update or replace compromised dependencies as soon as possible. The security
233237
check is done locally by fetching the public `PHP security advisories database`_,
234238
so your ``composer.lock`` file is not sent on the network.
235239

240+
The ``check:security`` command terminates with a non-zero exit code if any of
241+
your dependencies is affected by a known security vulnerability. This way you
242+
can add it to your project build process and your continuous integration
243+
workflows to make them fail when there are vulnerabilities.
244+
236245
.. tip::
237246

238-
The ``check:security`` command terminates with a non-zero exit code if
239-
any of your dependencies is affected by a known security vulnerability.
240-
This way you can add it to your project build process and your continuous
241-
integration workflows to make them fail when there are vulnerabilities.
247+
In continuous integration services you can check security vulnerabilities
248+
using a different stand-alone project called `Local PHP Security Checker`_.
249+
This is the same project used internally by ``check:security`` but much
250+
smaller in size than the entire Symfony CLI.
242251

243252
Symfony LTS Versions
244253
--------------------
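
Review bot: The paragraph added at new lines 240-243 tells readers to put ``check:security`` in their build and continuous integration workflows, while the tip that follows at 247-250 recommends a different tool for continuous integration, so the two pieces of guidance pull against each other and the non-zero exit code is documented only for the Symfony CLI command. Suggest stating in the tip whether the stand-alone `Local PHP Security Checker`_ also exits non-zero when a dependency is affected, or rewording the exit-code paragraph so it covers both tools, so that a reader who follows the tip knows the CI job will still fail on a finding. It is also worth confirming that the `install Symfony CLI`_ target used at new line 227 is defined in setup.rst, since no target definition is visible in this hunk.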
