koeker/composer-audit-guard - PHPackages


Active · Library · [CLI &amp; Console](/categories/cli)

koeker/composer-audit-guard
===========================

CLI tool for Composer security audit with blacklist functionality and JUnit XML reports

1.0.0 (3mo ago) · MIT · PHP >=8.0

Since Jan 30 · Pushed 3mo ago

[Source](https://github.com/KOeker/composer-audit-guard) · [Packagist](https://packagist.org/packages/koeker/composer-audit-guard) · branch main, synced 1mo ago


composer-audit-guard
====================



A powerful CLI tool for Composer security audits with blacklist functionality and JUnit XML reports for CI/CD integration.

✨ Features
----------


- 🔍 **Security Scanning**: Runs composer audit and groups vulnerabilities by severity level
- 🚫 **Blacklist Function**: Ignore known packages and display them separately
- 📊 **JUnit XML Reports**: Perfect for Jenkins, GitLab CI, and other CI/CD systems
- ⚙️ **Config File Support**: Configuration via `.auditguardrc.json` file
- 🎨 **Colored Output**: Clear, color-coded terminal output
- 🔄 **Flexible Options**: Scan with or without dev dependencies

📦 Installation
--------------


### Global


```
composer global require koeker/composer-audit-guard
```

Make sure the global Composer bin directory (`composer global config bin-dir --absolute` prints it) is on your `PATH`.

### Local (per project)


```
composer require --dev koeker/composer-audit-guard
```

🚀 Usage
-------


### Initialize Config File


Create a `.auditguardrc.json` config file in your project:

```
composer-audit-guard init
```

This writes a default config file that you can then customize with your blacklist and other settings.

### Basic Scan


Standard scan without dev dependencies:

```
composer-audit-guard
```

or, for a per-project install, via `composer exec`:

```
composer exec composer-audit-guard
```

### With Dev Dependencies


```
composer-audit-guard --dev
```

### With Blacklist


**Option 1: Using config file (recommended for multiple packages)**

```
# Create config file once
composer-audit-guard init

# Edit .auditguardrc.json and add your packages to the blacklist array
# Then just run:
composer-audit-guard
```

**Option 2: Command line (quick one-time use)**

```
composer-audit-guard --blacklist="symfony/http-kernel,guzzlehttp/guzzle,monolog/monolog"
```

### JUnit XML Report


```
# Default output path (./audit-results.xml)
composer-audit-guard --junit

# Custom output path
composer-audit-guard --junit --output="./test-results/security-audit.xml"
```

**Important:** The JUnit XML also reports **blacklist warnings as failures**.
A package that is on the blacklist but has no known security issues is reported as a failure in Jenkins/CI.
This keeps the blacklist clean: a stale entry fails the build instead of silently suppressing future findings for that package.

### Combined


```
composer-audit-guard --dev --blacklist="old-package,legacy-dep" --junit --output="./reports/audit.xml"
```
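The sections above describe the pipeline the tool implements (run `composer audit`, group findings by severity, set blacklisted packages aside, and emit a JUnit XML in which a blacklisted package with no findings counts as a failure) without showing the data it works on. The following Python script is an added illustration of that flow and is not the project's own code. It embeds a constructed `composer audit --format=json` result (package names, advisory IDs and version ranges are made up) and a constructed `.auditguardrc.json`; the `blacklist` key name is assumed from the README, which only says the config has a "blacklist array", and the exact advisory field names are assumed from Composer's JSON output as I recall it.

```python
"""Added example (not composer-audit-guard's code): triage `composer audit`
JSON against a blacklist and emit a JUnit XML in which stale blacklist
entries are failures."""
import json
import xml.etree.ElementTree as ET
from collections import defaultdict

SEVERITY_ORDER = ("critical", "high", "medium", "low", "unknown")

# Constructed sample. The shape (advisories keyed by package name, each a
# list of advisory objects) follows `composer audit --format=json`; field
# names are assumed, and every ID, title and version range is made up.
SAMPLE_AUDIT_JSON = """
{
  "advisories": {
    "vendor/web-kernel": [
      {"advisoryId": "EXAMPLE-0001", "packageName": "vendor/web-kernel",
       "title": "Example request smuggling", "cve": null,
       "affectedVersions": ">=2.0.0,<6.0.0", "severity": "critical"}
    ],
    "vendor/http-client": [
      {"advisoryId": "EXAMPLE-0002", "packageName": "vendor/http-client",
       "title": "Example header injection", "cve": null,
       "affectedVersions": ">=1.0.0,<4.3.0", "severity": "medium"}
    ]
  },
  "abandoned": {}
}
"""

# Constructed .auditguardrc.json; the "blacklist" key is an assumption.
SAMPLE_CONFIG_JSON = '{"blacklist": ["vendor/http-client", "vendor/legacy-dep"]}'


def load_blacklist(config_text):
    """Read the blacklist array out of .auditguardrc.json content."""
    return set(json.loads(config_text).get("blacklist", []))


def triage(audit_text, blacklist):
    """Return (by_severity, ignored, stale).

    by_severity: {severity: [advisory, ...]} for packages NOT on the blacklist
    ignored:     {package: [advisory, ...]} for blacklisted packages with findings
    stale:       blacklisted packages that have no findings at all
    """
    advisories = json.loads(audit_text).get("advisories", {})
    by_severity = defaultdict(list)
    ignored = {}
    for package, items in advisories.items():
        if package in blacklist:
            ignored[package] = items      # shown separately, not a failure
            continue
        for adv in items:
            sev = (adv.get("severity") or "unknown").lower()
            by_severity[sev].append(adv)
    stale = sorted(blacklist - set(advisories))
    return dict(by_severity), ignored, stale


def to_junit(by_severity, ignored, stale):
    """Build a JUnit XML string with one testcase per advisory or blacklist entry."""
    suite = ET.Element("testsuite", name="composer-audit")
    failures = 0
    for sev in SEVERITY_ORDER:
        for adv in by_severity.get(sev, []):
            tc = ET.SubElement(suite, "testcase", classname=f"vulnerability.{sev}",
                               name=f"{adv['packageName']}: {adv['title']}")
            fail = ET.SubElement(tc, "failure", message=adv.get("affectedVersions", ""))
            fail.text = adv.get("advisoryId", "")
            failures += 1
    for package, items in ignored.items():
        # Blacklisted package with findings: recorded, but passes.
        ET.SubElement(suite, "testcase", classname="blacklist.ignored",
                      name=f"{package} ({len(items)} advisories)")
    for package in stale:
        # Blacklisted package with no findings: fail so the entry gets removed.
        tc = ET.SubElement(suite, "testcase", classname="blacklist.stale", name=package)
        ET.SubElement(tc, "failure", message="blacklisted package has no advisories")
        failures += 1
    suite.set("tests", str(len(suite)))
    suite.set("failures", str(failures))
    return ET.tostring(suite, encoding="unicode")


def run(audit_text=SAMPLE_AUDIT_JSON, config_text=SAMPLE_CONFIG_JSON):
    """Full pipeline on the constructed inputs; returns all intermediate results."""
    by_severity, ignored, stale = triage(audit_text, load_blacklist(config_text))
    return by_severity, ignored, stale, to_junit(by_severity, ignored, stale)


if __name__ == "__main__":
    by_sev, ign, st, xml = run()
    for sev in SEVERITY_ORDER:
        for adv in by_sev.get(sev, []):
            print(f"{sev:>8}: {adv['packageName']} ({adv['affectedVersions']})")
    print("ignored (blacklist):", ", ".join(ign) or "-")
    print("stale blacklist entries:", ", ".join(st) or "-")
    print(xml)
```

On the constructed input the report contains three testcases and two failures: the critical advisory in `vendor/web-kernel`, and `vendor/legacy-dep`, which is blacklisted but has no advisories. `vendor/http-client` has a finding but is blacklisted, so it is listed separately and passes, which is exactly why a blacklist entry should be treated as an explicit risk acceptance and reviewed regularly.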

📋 Example Output
----------------


```
Running security audit... [████████████████████] 100%

=== Security Audit Results ===

Critical:
  - symfony/http-kernel (>=2.0.0 =6.0.0 =1.0.0 =4.3.0
```