diff --git a/.travis.yml b/.travis.yml
index f694d9c5..ff0448ca 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -28,6 +28,14 @@ install:
 script:
 - php bin/phpunit --coverage-clover=coverage.xml
+ # Perform some simple linting if everything is correct
+ - ./bin/console lint:yaml config --parse-tags
+ - ./bin/console lint:twig templates --env=prod
+ - ./bin/console lint:xliff translations
+ # Check if we dont use dependencies with known vulnerabilities
+ - ./bin/console security:check
+ # Check doctrine mapping
+ - ./bin/console doctrine:schema:validate --skip-sync -vvv --no-interaction
 after_success:
 - bash <(curl -s https://codecov.io/bash)
diff --git a/composer.json b/composer.json
index 89ddbfa2..351ad5e6 100644
--- a/composer.json
+++ b/composer.json
@@ -23,6 +23,7 @@
 "php-http/message": "^1.8",
 "s9e/text-formatter": "^2.1",
 "sensio/framework-extra-bundle": "^5.1",
+ "sensiolabs/security-checker": "^6.0",
 "shivas/versioning-bundle": "^3.1",
 "symfony/apache-pack": "^1.0",
 "symfony/asset": "4.4.*",
@@ -90,7 +91,8 @@
 "auto-scripts": {
 "cache:clear": "symfony-cmd",
 "ckeditor:install --clear=drop": "symfony-cmd",
- "assets:install %PUBLIC_DIR%": "symfony-cmd"
+ "assets:install %PUBLIC_DIR%": "symfony-cmd",
+ "security-checker security:check": "script"
 },
 "post-install-cmd": [
 "@auto-scripts"
diff --git a/composer.lock b/composer.lock
index f57a960d..c0b44f1c 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "d2a2ea9f3d0f1ef5e5bb70adcff3a74b", + "content-hash": "d5ab5fdad23b0879dba64df3d0c7346a", "packages": [ { "name": "clue/stream-filter",
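Review bot: The `./bin/console security:check` step under `script` gates every build on an advisory lookup that looks remote (the locked sensiolabs/security-checker requires `symfony/http-client`), so a failed lookup and a real finding both surface as the same red build as a phpunit or lint failure. Running the check as its own job, or additionally on a scheduled build, keeps the gate while making dependency findings attributable and catching advisories published between commits. The comment above the step would read more precisely as `# Fail the build if composer.lock pins a dependency with a known vulnerability`.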
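Review bot: The `"security-checker security:check": "script"` entry in the second composer.json hunk wires the vulnerability check into `auto-scripts`, which the visible `post-install-cmd` runs on every `composer install`, so deployments inherit the check's failure modes: an advisory published after release, or a failed lookup, would presumably make the install exit non-zero. The first hunk also lists `"sensiolabs/security-checker": "^6.0"` among what appear to be runtime requirements, which ships a CI tool and its HTTP client to production. Unless blocking deploys is intended, move the package to `require-dev` and drop the auto-scripts line so that the CI step is the single gate; the service definitions in config/packages/security_checker.yaml would then need to be limited to the dev and test environments as well. Both the requirement list and the `auto-scripts` block extend beyond the hunks shown.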
@@ -3517,6 +3517,54 @@ ], "time": "2019-10-16T18:54:45+00:00" }, + { + "name": "sensiolabs/security-checker", + "version": "v6.0.3", + "source": { + "type": "git", + "url": "https://github.com/sensiolabs/security-checker.git", + "reference": "a576c01520d9761901f269c4934ba55448be4a54" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sensiolabs/security-checker/zipball/a576c01520d9761901f269c4934ba55448be4a54", + "reference": "a576c01520d9761901f269c4934ba55448be4a54", + "shasum": "" + }, + "require": { + "php": ">=7.1.3", + "symfony/console": "^2.8|^3.4|^4.2|^5.0", + "symfony/http-client": "^4.3|^5.0", + "symfony/mime": "^4.3|^5.0", + "symfony/polyfill-ctype": "^1.11" + }, + "bin": [ + "security-checker" + ], + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "6.0-dev" + } + }, + "autoload": { + "psr-4": { + "SensioLabs\\Security\\": "SensioLabs/Security" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien.potencier@gmail.com" + } + ], + "description": "A security checker for your composer.lock", + "time": "2019-11-01T13:20:14+00:00" + }, { "name": "shivas/versioning-bundle", "version": "3.2.2",
diff --git a/config/packages/security_checker.yaml b/config/packages/security_checker.yaml
new file mode 100644
index 00000000..2e905f7f
--- /dev/null
+++ b/config/packages/security_checker.yaml
@@ -0,0 +1,8 @@
+services:
+ _defaults:
+ autowire: true
+ autoconfigure: true
+
+ SensioLabs\Security\SecurityChecker: null
+
+ SensioLabs\Security\Command\SecurityCheckerCommand: null
diff --git a/symfony.lock b/symfony.lock
index 8da7cc57..1e52e1cf 100644
--- a/symfony.lock
+++ b/symfony.lock
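Review bot: The new config/packages/security_checker.yaml sits directly in `config/packages/`, so the `SensioLabs\Security\SecurityChecker` service and the `security:check` console command are registered in every environment, production included. If the check is meant for CI and development only, placing the file under `config/packages/dev/` (and `config/packages/test/` if CI runs in that environment) keeps it out of the production container. The two definitions would presumably break container compilation in any environment where the package is not installed, so the file's location and the package's require section need to agree. A leading comment such as `# Registers the composer.lock vulnerability checker and its security:check console command` would document why the file exists.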
@@ -307,6 +307,18 @@ "./config/packages/sensio_framework_extra.yaml" ] }, + "sensiolabs/security-checker": { + "version": "4.0", + "recipe": { + "repo": "github.com/symfony/recipes", + "branch": "master", + "version": "4.0", + "ref": "160c9b600564faa1224e8f387d49ef13ceb8b793" + }, + "files": [ + "./config/packages/security_checker.yaml" + ] + }, "shivas/versioning-bundle": { "version": "3.1.3" },