This PHPCI plugin allow you to check your composer.lock using https://security.sensiolabs.org/
- Add hipay/phpci-composer-security-checker in your composer.json:
[...]
"require": {
[...]
"hipay/phpci-composer-security-checker": "dev-master",
[...]
},
[...]
- Run composer require hipay/hipay/phpci-composer-security-checker
- Copy javascript to PHPCI :
cp /path/to/phpci/vendor/hipay/hipay/phpci-composer-security-checker/Hipay/PHPCI/Plugin/js/composer-security-check.js /path/to/phpci/public/assets/js/build-plugins/composer-security-check.js
- Add this line to your phpci.yml:
\Hipay\PHPCI\Plugin\ComposerChecker: