Differences with composer audit #39

Open
rodrigoaguilera opened this issue Mar 7, 2024 · 1 comment

@rodrigoaguilera
rodrigoaguilera commented Mar 7, 2024

I found a project that was using security-checker and composer audit in the same CI pipeline but security-checker was reporting the same Drupal core issue as composer audit.

If this project has additional features over composer audit I think they should be listed in the readme or some kind of docs.

So far I only found advantages for composer audit:

  • Some CVEs can be ignored in the composer.json file as opposed to command line options
  • It reports abandoned packages

@bkosborne

Agreed, they both seem to check against the FriendsOfPHP security advisories database. Is this security checker relevant anymore now that composer seemingly has this functionality built-in?
