sonatype-nexus-community/bach
Dependency vulnerability auditor for PHP
Apache License 2.0
Create PHP (Composer) OSS Index client MVP #1
Closed (ken-duck closed 5 years ago)

ken-duck commented 5 years ago
Create a PHP OSS Index client, with the following features:

- Command line tool
- Written in PHP

Basic Features

- Reads package dependencies from the appropriate PHP "composer" package file(s)
  - Preferably determines transitive dependencies
- Request known vulnerabilities for the dependencies from OSS Index.
  - Use the POST API at OSS Index
  - Note the maximum of 128 packages per request
- Report to console the packages scanned and detected vulnerabilities, in the style of other OSS Index command line auditing tools
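
An added example, not part of the issue or of the bach code base: one way to turn the resolved dependency set in a `composer.lock` into request bodies that respect the 128-package limit. The function names, the sample packages, the `v` prefix handling and the `{"coordinates": [...]}` body shape (taken from the OSS Index v3 component-report API, which the issue does not spell out) are assumptions of this sketch.

```php
<?php
const MAX_COORDINATES_PER_REQUEST = 128; // limit stated in the issue

/**
 * Turn a decoded composer.lock into package-URL coordinates.
 * composer.lock already lists the fully resolved (transitive) dependency set.
 */
function coordinatesFromLock(array $lock, bool $includeDev = true): array
{
    $packages = $lock['packages'] ?? [];
    if ($includeDev) {
        $packages = array_merge($packages, $lock['packages-dev'] ?? []);
    }
    $coordinates = [];
    foreach ($packages as $package) {
        $name = $package['name'] ?? '';
        $version = $package['version'] ?? '';
        // Skip malformed entries and branch aliases such as "dev-main",
        // which do not identify a released version.
        if (!preg_match('#^[^/\s]+/[^/\s]+$#', $name) || $version === '' || strpos($version, 'dev-') === 0) {
            continue;
        }
        // Assumption of this example: drop the "v" tag prefix (v1.2.3 -> 1.2.3).
        $version = preg_replace('/^v(?=\d)/', '', $version);
        $coordinates["pkg:composer/{$name}@{$version}"] = true; // de-duplicate
    }
    return array_keys($coordinates);
}

/** Split coordinates into JSON request bodies of at most 128 entries each. */
function requestBodies(array $coordinates): array
{
    $bodies = [];
    foreach (array_chunk($coordinates, MAX_COORDINATES_PER_REQUEST) as $batch) {
        $bodies[] = json_encode(['coordinates' => $batch], JSON_THROW_ON_ERROR | JSON_UNESCAPED_SLASHES);
    }
    return $bodies;
}

// Constructed sample: 300 made-up packages standing in for a real composer.lock.
$lock = ['packages' => [], 'packages-dev' => [['name' => 'acme/dev-tool', 'version' => 'dev-main']]];
for ($i = 1; $i <= 300; $i++) {
    $lock['packages'][] = ['name' => "acme/lib{$i}", 'version' => "v1.0.{$i}"];
}

foreach (requestBodies(coordinatesFromLock($lock)) as $n => $body) {
    printf("request %d: %d coordinates\n", $n + 1, count(json_decode($body, true)['coordinates']));
}
```

For a real project, replace the constructed `$lock` with `json_decode(file_get_contents('composer.lock'), true)`.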