Add docs for security-checker using Composer Audit

phpro · Jan 29, 2024 · 2a01f7e · 2a01f7e
1 parent 9523d62
commit 2a01f7e
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 2 deletions.
diff --git a/doc/tasks.md b/doc/tasks.md
@@ -54,6 +54,7 @@ grumphp:
         psalm: ~
         rector: ~
         robo: ~
+        securitychecker_composeraudit: ~
         securitychecker_enlightn: ~
         securitychecker_local: ~
         securitychecker_roave: ~
@@ -119,6 +120,7 @@ Every task has its own default configuration. It is possible to overwrite the pa
 - [Rector](tasks/rector.md)
 - [Robo](tasks/robo.md)
 - [Security Checker](tasks/securitychecker.md)
+  - [Composer Audit](tasks/securitychecker/composeraudit.md)
   - [Enlightn](tasks/securitychecker/enlightn.md)
   - [Local](tasks/securitychecker/local.md)
   - [Roave](tasks/securitychecker/roave.md)
@@ -205,7 +207,7 @@ interface TaskInterface
 }
 ```
 
-* `getConfigurableOptions`: This method has to return all configurable options for the task. 
+* `getConfigurableOptions`: This method has to return all configurable options for the task.
 * `canRunInContext`: Tells GrumPHP if it can run in `pre-commit`, `commit-msg` or `run` context.
 * `run`: Executes the task and returns a result
 * `getConfig`: Provides the resolved configuration for the task or an empty config for newly instantiated tasks.
@@ -260,7 +262,7 @@ For a more detailed view on how to use these classes, you can scroll through our
 
 In some cases you might want to run the same task but with different configuration.
 Good news: This is perfectly possible!
-You can use any name you want for the task, as long as you configure an existing task in the metadata section. 
+You can use any name you want for the task, as long as you configure an existing task in the metadata section.
 Configuration of the additional task will look like this:
 
 ```yaml

diff --git a/doc/tasks/securitychecker.md b/doc/tasks/securitychecker.md
@@ -4,6 +4,7 @@ The SensioLabs Security Checker API is abandoned
 
 You can use one of following tasks as a replacement:
 
+- [securitychecker_composeraudit](securitychecker/composeraudit.md)
 - [securitychecker_enlightn](securitychecker/enlightn.md)
 - [securitychecker_local](securitychecker/local.md)
 - [securitychecker_roave](securitychecker/roave.md)

diff --git a/doc/tasks/securitychecker/composeraudit.md b/doc/tasks/securitychecker/composeraudit.md
@@ -0,0 +1,48 @@
+# Composer Audit Security Checker
+
+The Security Checker will check your `composer.lock` file for known security vulnerabilities.
+
+***Config***
+
+The task lives under the `securitychecker_composeraudit` namespace and has the following configurable parameters:
+
+```yaml
+# grumphp.yml
+grumphp:
+    tasks:
+        securitychecker_composeraudit:
+            locked: true
+            no_dev: false
+            run_always: false
+            working_dir: ./
+```
+
+**format**
+
+*Default: null*
+
+You can choose the format of the output. The available options are `table`, `plain`, `json` and `summary`. By default, grumphp will use the format `table`.
+
+**locked**
+
+*Default: true*
+
+Audit packages from the lock file, regardless of what is currently in vendor dir.
+
+**no_dev**
+
+*Default: false*
+
+When this option is set to `true`, the task will skip packages under `require-dev`.
+
+**run_always**
+
+*Default: false*
+
+When this option is set to `false`, the task will only run when the `composer.lock` file has changed. If it is set to `true`, the `composer.lock` file will be checked on every commit.
+
+**working_dir**
+
+*Default: ./*
+
+If your `composer.lock` file is located in an exotic location, you can specify the location with this option. By default, the task will try to load a `composer.lock` file in the current directory.