
VulnerabilitiesBundle for Symfony2

Only two days after I pushed the first version of my VersionEyeBundle for Symfony2 to GitHub, Fabien Potencier announced SensioLabs' new Security Advisories Checker. The service works much like VersionEye, but instead of uploading your composer.json you upload your composer.lock file, because only the lock file records which dependency versions are actually installed, and only those versions can be matched against the known security advisories.

Screenshot: VulnerabilitiesBundle for Symfony2 in the Web Debug Toolbar. This is what it looks like in the toolbar.

SensioLabs offer an upload form in the browser, but conveniently provide an API as well. And, of course, the code of their security-checker is on GitHub. So what could be more natural than to add the results of the security check to the Web Profiler Toolbar, right next to all the other useful information? Right. I wrote a second bundle, called VulnerabilitiesBundle, that displays security advisories both in the toolbar and in the profiler view.
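To make the "lock file, not composer.json" point from above concrete, here is an added example (not code from the post, the bundle, or SensioLabs' security-checker) of the core of such a check done offline: read the exact versions from a composer.lock, then match each installed package against an advisory list of affected version ranges. The lock file content and the advisories are constructed placeholders; the range format (affected from a lower version up to, but excluding, the fixed version) is an assumption chosen for illustration, not the checker's real data format.

```python
import json
import re

# Constructed, abridged composer.lock: only the fields the check needs.
# A composer.json constraint such as "~2.1" could not distinguish the two
# versions that matter here (2.1.5 affected, 2.1.6 fixed); the lock can.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/symfony", "version": "v2.1.5"},
        {"name": "twig/twig", "version": "v1.12.0"},
        {"name": "acme/experimental", "version": "dev-master"},
    ],
    "packages-dev": [
        {"name": "phpunit/phpunit", "version": "3.7.10"},
    ],
})

# Constructed advisory data (placeholders, not real advisories):
# package -> list of (first affected version, first fixed version, title).
SAMPLE_ADVISORIES = {
    "symfony/symfony": [("2.1.0", "2.1.6", "PLACEHOLDER-ADVISORY-1")],
    "twig/twig": [("1.0.0", "1.11.0", "PLACEHOLDER-ADVISORY-2")],
}


def parse_version(version):
    """Turn 'v2.1.5' into (2, 1, 5). Returns () for non-numeric
    versions such as 'dev-master', which cannot be range-checked."""
    match = re.match(r"v?(\d+(?:\.\d+)*)", version)
    if not match:
        return ()
    return tuple(int(part) for part in match.group(1).split("."))


def installed_packages(lock_text, include_dev=True):
    """Map package name -> exact installed version from a composer.lock."""
    lock = json.loads(lock_text)
    sections = ["packages"] + (["packages-dev"] if include_dev else [])
    installed = {}
    for section in sections:
        for package in lock.get(section, []):
            installed[package["name"]] = package["version"]
    return installed


def find_vulnerable(installed, advisories):
    """Return (name, version, title) for every installed package whose
    version falls inside an advisory's [affected, fixed) range."""
    hits = []
    for name, version in installed.items():
        parsed = parse_version(version)
        if not parsed:
            # Unversioned (dev-*) packages are skipped; a real checker
            # would report them separately as "cannot be assessed".
            continue
        for affected, fixed, title in advisories.get(name, []):
            if parse_version(affected) <= parsed < parse_version(fixed):
                hits.append((name, version, title))
    return hits


def check_lock(lock_text, advisories=SAMPLE_ADVISORIES):
    """Convenience wrapper: lock file text in, list of findings out."""
    return find_vulnerable(installed_packages(lock_text), advisories)


if __name__ == "__main__":
    for name, version, title in check_lock(SAMPLE_LOCK):
        print("%s %s: %s" % (name, version, title))
```

The real bundle does not evaluate ranges itself; it sends the lock file to the SensioLabs API and renders the returned advisories. What this illustrates is why the lock file is the right input: the decision hinges on exact installed versions, and those exist only there.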

Screenshot: VulnerabilitiesBundle for Symfony2 in the Profiler. And this is the Profiler page.

Please keep in mind that this is an early development version that is only intended for use in DEV environments (and that will remain true even once it is stable someday). It simply makes no sense on production servers. Feel free to fork it, test it, and report any issues you encounter. Of course, contributions in the form of pull requests are more than welcome :-)