You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I found a project that was using security-checker and composer audit in the same CI pipeline but security-checker was reporting the same Drupal core issue as composer audit.
If this project has additional features over composer audit I think they should be listed in the readme or some kind of docs.
So far I only found advantages for composer audit
Some CVEs can be ignored in the composer.json file as opposed to command line options
It reports abandoned packages
The text was updated successfully, but these errors were encountered:
Agreed, they both seem to check against the FriendsOfPHP security advisories database. Is this security checker relevant anymore now that composer seemingly has this functionality built-in?
I found a project that was using security-checker and
composer audit
in the same CI pipeline but security-checker was reporting the same Drupal core issue ascomposer audit
.If this project has additional features over composer audit I think they should be listed in the readme or some kind of docs.
So far I only found advantages for composer audit
composer.json
file as opposed to command line optionsThe text was updated successfully, but these errors were encountered: