phpro / grumphp

A PHP code-quality tool
MIT License

Replace SensioLabs Security Checker with CLI tool #871

Closed JeppeKnockaert closed 3 years ago

JeppeKnockaert commented 3 years ago
| Q | A |
| --- | --- |
| Branch | master |
| Bug fix? | no |
| New feature? | no |
| BC breaks? | yes |
| Deprecations? | no |
| Documented? | yes |
| Fixed tickets | https://github.com/phpro/grumphp/issues/865 |

This PR replaces sensiolabs/security-checker (which will be abandoned at the end of January) with fabpot/local-php-security-checker (as recommended by sensiolabs/security-checker in their readme).

paras-malhotra commented 3 years ago

@JeppeKnockaert, the advantage of https://github.com/phpro/grumphp/pull/870 over this PR is licensing. The fabpot/local-php-security-checker is licensed under AGPL (different from the sensiolabs/security-checker, which was licensed under MIT). It is difficult to pull in AGPL-licensed stuff in many projects. Note that AGPL is the strictest GPL license, more restrictive than GPLv3. The enlightn/security-checker is MIT.

JeppeKnockaert commented 3 years ago

Good point, I'll close this one in favour of yours! 👍