PHPackages spekulatius/silverstripe-composer-security-checker - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. spekulatius/silverstripe-composer-security-checker Abandoned → [bringyourownideas/silverstripe-composer-security-checker](/?search=bringyourownideas%2Fsilverstripe-composer-security-checker)Silverstripe-vendormodule[Security](/categories/security) spekulatius/silverstripe-composer-security-checker ================================================== Provides information if your SilverStripe application uses dependencies with known vulnerabilities. 2.0.4(6y ago)91.9k6[2 issues](https://github.com/bringyourownideas/silverstripe-composer-security-checker/issues)BSD-3-ClausePHPPHP >=5.6.0CI failing Since Sep 16Pushed 2y ago2 watchersCompare [ Source](https://github.com/bringyourownideas/silverstripe-composer-security-checker)[ Packagist](https://packagist.org/packages/spekulatius/silverstripe-composer-security-checker)[ Docs](https://github.com/bringyourownideas/silverstripe-composer-security-checker)[ RSS](/packages/spekulatius-silverstripe-composer-security-checker/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (5)Versions (29)Used By (0) SilverStripe Security Checker ============================= [](#silverstripe-security-checker) **WARNING**: As of January 2021, this module no longer works because the underlying service has been shut down (see [announcement](https://github.com/sensiolabs/security-checker) and [discussion](https://github.com/bringyourownideas/silverstripe-composer-security-checker/issues/57)). **NOTE**: This module is no longer commercially supported in Silverstripe CMS 5 and it does not provide a CMS5-compatible version. [![Build Status](https://camo.githubusercontent.com/94bfb4ea84a7c84cec3e61e4734892d2e5e3dd6ff9f6cca0911dab436fea6c31/68747470733a2f2f6170692e7472617669732d63692e6f72672f6272696e67796f75726f776e69646561732f73696c7665727374726970652d636f6d706f7365722d73656375726974792d636865636b65722e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/bringyourownideas/silverstripe-composer-security-checker)[![Scrutinizer Code Quality](https://camo.githubusercontent.com/0fa66c4aa42691dd78d4603bf461b26fa34262586d7b58f549363527cf7bb5df/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f6272696e67796f75726f776e69646561732f73696c7665727374726970652d636f6d706f7365722d73656375726974792d636865636b65722f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/bringyourownideas/silverstripe-composer-security-checker/?branch=master)[![codecov](https://camo.githubusercontent.com/8ec636a5fc7354e602b3a9c247c602d327e60c550254f3bc3656aaba5e1d91a1/68747470733a2f2f636f6465636f762e696f2f67682f6272696e67796f75726f776e69646561732f73696c7665727374726970652d636f6d706f7365722d73656375726974792d636865636b65722f6272616e63682f6d61737465722f67726170682f62616467652e737667)](https://codecov.io/gh/bringyourownideas/silverstripe-composer-security-checker) Adds a task which runs a check if any of the dependencies has known security vulnerabilities. It uses the [SensioLabs Security Check Web service](http://security.sensiolabs.org/) and the [Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories). BSD 3-clause [License](https://github.com/bringyourownideas/silverstripe-composer-security-checker/blob/master/license.md) Requirements ------------ [](#requirements) - SilverStripe Framework ^4 - SilverStripe QueuedJobs ^4 ### Suggested Module [](#suggested-module) This module will automatically amend the SiteSummary report provided by the [SilverStripe Maintenance module](https://github.com/bringyourownideas/silverstripe-maintenance), adding alerts if security updates are present for installed modules. Installation ------------ [](#installation) The following installation commands includes schedulding a queuedjob to populate the data. Run the following command to install this package as a development dependency: ``` composer require bringyourownideas/silverstripe-composer-security-checker 2.x-dev vendor/bin/sake dev/build vendor/bin/sake dev/tasks/ProcessJobQueueTask ``` Usage ----- [](#usage) The information gets updated via a BuildTask, which in turn can be run via a queuedjob. You will need to set up a scheduled process (e.g. `cron`) to run either the buildtask directly, or the task to process the queuedjobs queue in order to refresh the information. Use the information is stored in the `SecurityAlert` object, and can be consumed as needed. Please be careful how you expose this information. If the SilverStripe Maintenance module is present, a relationship will be connected between `Package` and `SecurityAlert`. Documentation ------------- [](#documentation) Please see the user guide section of the [SilverStripe Maintenance module](https://github.com/bringyourownideas/silverstripe-maintenance/tree/1/docs/en/userguide). ### Health Score 35 — LowBetter than 80% of packages Maintenance16 Infrequent updates — may be unmaintained Popularity24 Limited adoption so far Community19 Small or concentrated contributor base Maturity69 Established project with proven stability Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~71 days Recently: every ~124 days Total 28 Last Release 1968d ago Major Versions 0.3.4 → 2.0.02018-06-13 1.0.0 → 2.0.12018-11-07 1.0.1 → 2.0.22019-03-19 1.x-dev → 2.0.32019-08-15 PHP version history (3 changes)0.3.3PHP >=5.6.0 1.1.0-rc1PHP ^7.1 1.1.x-devPHP ^5.6 || ^7.0 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/8433587?v=4)[Peter Thaleikis](/maintainers/spekulatius)[@spekulatius](https://github.com/spekulatius) --- Top Contributors [![spekulatius](https://avatars.githubusercontent.com/u/8433587?v=4)](https://github.com/spekulatius "spekulatius (43 commits)")[![robbieaverill](https://avatars.githubusercontent.com/u/5170590?v=4)](https://github.com/robbieaverill "robbieaverill (38 commits)")[![ScopeyNZ](https://avatars.githubusercontent.com/u/3260989?v=4)](https://github.com/ScopeyNZ "ScopeyNZ (6 commits)")[![emteknetnz](https://avatars.githubusercontent.com/u/4809037?v=4)](https://github.com/emteknetnz "emteknetnz (3 commits)")[![chillu](https://avatars.githubusercontent.com/u/111025?v=4)](https://github.com/chillu "chillu (2 commits)")[![lhalaa](https://avatars.githubusercontent.com/u/340514?v=4)](https://github.com/lhalaa "lhalaa (2 commits)")[![raissanorth](https://avatars.githubusercontent.com/u/14869519?v=4)](https://github.com/raissanorth "raissanorth (1 commits)")[![NightJar](https://avatars.githubusercontent.com/u/778003?v=4)](https://github.com/NightJar "NightJar (1 commits)")[![dnsl48](https://avatars.githubusercontent.com/u/9313746?v=4)](https://github.com/dnsl48 "dnsl48 (1 commits)") --- Tags composersilverstripesilverstripe-maintenancevulnerabilitiescomposersecuritysilverstripeenvironmentupdatesvulnerabilities ### Code Quality TestsPHPUnit Code StylePHP\_CodeSniffer ### Embed Badge ![Health badge](/badges/spekulatius-silverstripe-composer-security-checker/health.svg) ``` [![Health](https://phpackages.com/badges/spekulatius-silverstripe-composer-security-checker/health.svg)](https://phpackages.com/packages/spekulatius-silverstripe-composer-security-checker) ``` ### Alternatives [bringyourownideas/silverstripe-maintenance Toolset to help with the day by day maintenance work. 32221.8k4](/packages/bringyourownideas-silverstripe-maintenance)[bringyourownideas/silverstripe-composer-security-checker Provides information if your SilverStripe application uses dependencies with known vulnerabilities. 11103.9k2](/packages/bringyourownideas-silverstripe-composer-security-checker)[dgtlss/warden A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email 8745.6k](/packages/dgtlss-warden)[feejin/silverstripe-securitytemplates Custom security templates to mirror CMS 128.1k1](/packages/feejin-silverstripe-securitytemplates) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)