PHPackages                             violinist-dev/symfony-cloud-security-checker - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. violinist-dev/symfony-cloud-security-checker

ActiveLibrary[Security](/categories/security)

violinist-dev/symfony-cloud-security-checker
============================================

A wrapper for the symfony cli security checker

3.0.0(1y ago)0206.6k↑74.1%1MITPHP

Since Feb 2Pushed 1y ago1 watchersCompare

[ Source](https://github.com/violinist-dev/symfony-cloud-security-checker)[ Packagist](https://packagist.org/packages/violinist-dev/symfony-cloud-security-checker)[ RSS](/packages/violinist-dev-symfony-cloud-security-checker/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (3)Dependencies (5)Versions (5)Used By (1)

symfony-cloud-security-checker
==============================

[](#symfony-cloud-security-checker)

[![Test](https://github.com/violinist-dev/symfony-cloud-security-checker/actions/workflows/test.yml/badge.svg)](https://github.com/violinist-dev/symfony-cloud-security-checker/actions/workflows/test.yml)[![Coverage Status](https://camo.githubusercontent.com/ecbffe537b7857bf9656f957188f71e001ae6da5fcb5aefaf37808abf9dc2c34/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f76696f6c696e6973742d6465762f73796d666f6e792d636c6f75642d73656375726974792d636865636b65722f62616467652e7376673f6272616e63683d6d6173746572)](https://coveralls.io/github/violinist-dev/symfony-cloud-security-checker?branch=master)[![Violinist enabled](https://camo.githubusercontent.com/d9732258721280d90f7f95b5f928ea5c63eb6d3d740151d62e4a9ad1660d95d3/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f76696f6c696e6973742d656e61626c65642d627269676874677265656e2e737667)](https://violinist.io)

Wraps the symfony command, so we can check for security updates, with local cache.

Why?
----

[](#why)

Because if you try to use a service like the sensiolabs security checker ( / ) it has a rate limit. The symfony command uses a local cache.

Installation
------------

[](#installation)

```
composer require violinist-dev/symfony-cloud-security-checker
```

You also need to download the [symfony client](https://symfony.com/download) and make it available in your `$PATH`.

Usage
-----

[](#usage)

```
$checker = new \Violinist\SymfonyCloudSecurityChecker\SecurityChecker();
$directory = '/my/project/directory/with/composer/lock/file';
try {
    $result = $checker->checkDirectory($directory);
    // Result will now be an array keyed with projects that has security advisories. Like so, for the example in the
    // tests (dompdf/dompdf):
    //array (
    //    'dompdf/dompdf' =>
    //        array (
    //            'version' => 'v0.6.0',
    //            'advisories' =>
    //                array (
    //                    0 =>
    //                        array (
    //                            'title' => 'PHP remote file inclusion vulnerability in dompdf.php',
    //                            'link' => 'https://github.com/dompdf/dompdf/releases/tag/v0.6.2',
    //                            'cve' => 'CVE-2010-4879',
    //                        ),
    //                    1 =>
    //                        array (
    //                            'title' => 'Arbitrary file read in dompdf',
    //                            'link' => 'https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/',
    //                            'cve' => 'CVE-2014-2383',
    //                        ),
    //                    2 =>
    //                        array (
    //                            'title' => 'Information Disclosure',
    //                            'link' => 'https://github.com/dompdf/dompdf/releases/tag/v0.6.2',
    //                            'cve' => 'CVE-2014-5011',
    //                        ),
    //                    3 =>
    //                        array (
    //                            'title' => 'Denial Of Service Vector',
    //                            'link' => 'https://github.com/dompdf/dompdf/releases/tag/v0.6.2',
    //                            'cve' => 'CVE-2014-5012',
    //                        ),
    //                    4 =>
    //                        array (
    //                            'title' => 'Remote Code Execution (complement of CVE-2014-2383)',
    //                            'link' => 'https://github.com/dompdf/dompdf/releases/tag/v0.6.2',
    //                            'cve' => 'CVE-2014-5013',
    //                        ),
    //                ),
    //        ),
    //)
}
catch (Exception $e) {
    // This can happen if you do not have the symfony command installed, and available in your PATH.
    // It can also happen if the command itself creates unexpected output. Like it probably would if you ran it for the
    // first time without an internet connection, for example.
}
```

###  Health Score

39

—

LowBetter than 86% of packages

Maintenance36

Infrequent updates — may be unmaintained

Popularity32

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity63

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~1038 days

Total

3

Last Release

586d ago

Major Versions

1.0.0 → 2.0.02022-08-17

2.0.0 → 3.0.02024-10-10

### Community

Maintainers

![](https://www.gravatar.com/avatar/012259317b9e5a3b6cc2b03681d852940e11ac05f37bfbda7360d6524b1c9085?d=identicon)[eiriksm](/maintainers/eiriksm)

---

Top Contributors

[![eiriksm](https://avatars.githubusercontent.com/u/865153?v=4)](https://github.com/eiriksm "eiriksm (36 commits)")

###  Code Quality

TestsPHPUnit

Code StylePHP\_CodeSniffer

### Embed Badge

![Health badge](/badges/violinist-dev-symfony-cloud-security-checker/health.svg)

```
[![Health](https://phpackages.com/badges/violinist-dev-symfony-cloud-security-checker/health.svg)](https://phpackages.com/packages/violinist-dev-symfony-cloud-security-checker)
```

###  Alternatives

[matomo/matomo

Matomo is the leading Free/Libre open analytics platform

21.4k37.3k](/packages/matomo-matomo)[enlightn/security-checker

A PHP dependency vulnerabilities scanner based on the Security Advisories Database.

33732.2M110](/packages/enlightn-security-checker)[payu/apple-pay

ApplePay Token Decoder

51983.2k](/packages/payu-apple-pay)[rezzza/vaultage

Keep secrets secret

214.4k](/packages/rezzza-vaultage)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)