This page lists the important commands for the CLI tool security-checker.


Security-checker is a command line tool that helps detect vulnerabilities in your Composer dependencies. It scans your composer.lock file and compares the installed packages against a security database.

The tool utilizes the SensioLabs Security Advisories Database, which is a community-driven project that collects security vulnerabilities of popular PHP packages.

By running Security-checker, you can identify any packages with known vulnerabilities and take necessary actions to update or replace them.

It provides information about the specific vulnerabilities found, including their severity level and potential impact on your application's security.

Security-checker supports multiple output formats, allowing you to integrate its results into your continuous integration processes or display them in a readable format.

It is easy to install and use: you only need to add it as a Composer dependency of your project.

The tool can be executed as a part of your build process or run manually whenever needed.

You can specify the directory of your composer.lock file, making the tool flexible for different project setups.

Security-checker is regularly updated to include the latest security advisories, ensuring accurate vulnerability detection.

Using Security-checker helps maintain the security of your PHP project by identifying and addressing potential risks in your dependency tree.

List of commands for security-checker:

  • Return results as a JSON object.
    $ security-checker security:check --format=json
  • Look for security issues in the project dependencies (based on the `composer.lock` file in the current directory).
    $ security-checker security:check
  • Use a specific `composer.lock` file.
    $ security-checker security:check ${path-to-composer-lock}