├── README.md
└── action.yml

/README.md:
--------------------------------------------------------------------------------
PHP Security Checker
====================

This action checks your `composer.lock` for known vulnerabilities in your package dependencies.

Inputs
------

* `lock` *optional* The path to the `composer.lock` file (defaults to the repository root directory).
* `format` *optional* The output format (defaults to `ansi`, supported: `ansi`, `junit`, `markdown`, `json`, or `yaml`).
* `disable-exit-code` *optional* Set it to `1` if you don't want the step to fail in case of detected vulnerabilities.

Outputs
-------

* `vulns` A JSON payload containing all detected vulnerabilities.

Usage
-----

If you want the step to fail whenever there is a security issue in one of your
dependencies, use this action:

    steps:
      - uses: actions/checkout@v4
      - uses: symfonycorp/security-checker-action@v5

To speed up security checks, you can cache the vulnerability database:

    steps:
      - uses: actions/checkout@v4
      - uses: actions/cache@v2
        id: cache-db
        with:
          path: ~/.symfony/cache
          key: db
      - uses: symfonycorp/security-checker-action@v5

If the `composer.lock` is not in the repository root directory, pass it as an
input:

    steps:
      - uses: actions/checkout@v4
      - uses: symfonycorp/security-checker-action@v5
        with:
          lock: subdir/composer.lock

Instead of failing, you can also get the vulnerabilities as a JSON output and
do something with them in another step:

    steps:
      - uses: actions/checkout@v4
      - uses: symfonycorp/security-checker-action@v5
        with:
          disable-exit-code: 1
        id: security-check
      - name: Display the vulnerabilities as JSON
        run: echo ${{ steps.security-check.outputs.vulns }}
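The last example only echoes the `vulns` output. The script below is an added example, not code from this action's repository, showing one way a follow-up step can actually consume that output: it reads the payload from an environment variable `VULNS` (populated from `${{ steps.security-check.outputs.vulns }}` in the step's `env:` block, which avoids the shell-quoting problems of interpolating JSON into the `run:` command line), treats an empty payload as "no findings" and a malformed one as an error rather than a clean result, writes a per-package table to the job summary via `GITHUB_STEP_SUMMARY`, and fails the step when anything was reported. The JSON layout it parses (package name mapped to a version and a list of advisories with `title`, `cve` and `link`), the script name `summarize_vulns.py` and the sample payload are constructed assumptions, not the action's documented schema.

```python
"""Summarise the `vulns` output of symfonycorp/security-checker-action.

Added example, not code from the action's repository. Intended workflow use
(illustrative YAML, assumed script name):

    - uses: symfonycorp/security-checker-action@v5
      id: security-check
      with:
        disable-exit-code: 1
    - name: Summarise vulnerabilities
      env:
        VULNS: ${{ steps.security-check.outputs.vulns }}
      run: python summarize_vulns.py
"""
import json
import os
import sys

# Constructed sample payload for offline runs (python summarize_vulns.py --demo).
# The shape package -> {"version", "advisories": [{"title", "cve", "link"}]}
# is an assumption about the action's JSON output, not taken from its docs;
# the CVE ids are placeholders.
SAMPLE_VULNS = json.dumps({
    "vendor/example-lib": {
        "version": "1.2.3",
        "advisories": [
            {"title": "Example advisory A", "cve": "CVE-0000-0001",
             "link": "https://advisories.example/a"},
            {"title": "Example advisory B", "cve": "",
             "link": "https://advisories.example/b"},
        ],
    },
    "vendor/other-lib": {
        "version": "4.5.6",
        "advisories": [
            {"title": "Example advisory C", "cve": "CVE-0000-0002",
             "link": "https://advisories.example/c"},
        ],
    },
})


def parse_vulns(payload):
    """Decode the payload. Empty or blank means the checker reported nothing;
    anything that is not a JSON object is an error, so a broken or missing
    output can never be mistaken for a clean result."""
    if payload is None or not payload.strip():
        return {}
    data = json.loads(payload)  # JSONDecodeError is a ValueError subclass
    if not isinstance(data, dict):
        raise ValueError("vulns payload is not a JSON object")
    return data


def summarize(payload):
    """Return (total advisories, [(package, version, advisory count), ...])
    sorted by package name."""
    data = parse_vulns(payload)
    rows, total = [], 0
    for package in sorted(data):
        entry = data[package] if isinstance(data[package], dict) else {}
        advisories = entry.get("advisories") or []
        total += len(advisories)
        rows.append((package, str(entry.get("version", "?")), len(advisories)))
    return total, rows


def render_markdown(payload):
    """Render the summary as a Markdown table suitable for GITHUB_STEP_SUMMARY."""
    total, rows = summarize(payload)
    if total == 0:
        return "No known vulnerabilities reported for composer.lock.\n"
    lines = [
        "## %d known vulnerabilit%s in composer.lock" % (total, "y" if total == 1 else "ies"),
        "",
        "| Package | Version | Advisories |",
        "| --- | --- | --- |",
    ]
    lines += ["| %s | %s | %d |" % row for row in rows]
    return "\n".join(lines) + "\n"


def main(argv):
    payload = SAMPLE_VULNS if "--demo" in argv else os.environ.get("VULNS", "")
    try:
        total, _ = summarize(payload)
    except ValueError as exc:
        # GitHub workflow command: shows up as an error annotation in the run.
        print("::error::could not parse vulns output: %s" % exc)
        return 2
    report = render_markdown(payload)
    summary_file = os.environ.get("GITHUB_STEP_SUMMARY")
    if summary_file:
        with open(summary_file, "a", encoding="utf-8") as fh:
            fh.write(report)
    sys.stdout.write(report)
    return 1 if total else 0  # fail the step when anything was reported


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run `python summarize_vulns.py --demo` locally to see the table for the constructed payload; in a workflow, leave `--demo` off so the script reads `VULNS`. Because an unparseable payload returns exit code 2 instead of "no findings", a misconfigured step is visible in the run rather than silently green.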
--------------------------------------------------------------------------------
/action.yml:
--------------------------------------------------------------------------------
name: 'The PHP Security Checker'
description: 'Checks composer.json for known vulnerabilities in your package dependencies'
branding:
  icon: 'umbrella'
  color: 'gray-dark'
inputs:
  lock:
    description: 'The path where composer.lock is stored (root directory by default)'
    required: false
    default: './composer.lock'
  format:
    description: 'The output format (ansi by default, supported: ansi, junit, markdown, json, or yaml)'
    required: false
    default: ansi
  disable-exit-code:
    description: 'Whether to continue when issues are detected (false by default)'
    required: false
    default: 0
outputs:
  vulns:
    description: 'The detected vulnerabilities as JSON'
runs:
  using: 'docker'
  image: 'docker://ghcr.io/symfony-cli/symfony-cli:v5'
  args:
    - "security:check"
    - "--format"
    - ${{ inputs.format }}
    - "--dir"
    - ${{ inputs.lock }}
    - "--disable-exit-code=${{ inputs.disable-exit-code }}"
--------------------------------------------------------------------------------