Hi,
Just wanted to check if Spryker performs periodic scans over the deployed code to identify vulnerabilities. If yes, then how can we enable this and get the report as well?
Thanks
Vikram
To my knowledge there is no automatic scanning of the deployed code for security vulnerabilities.
What we do on a project level is to check at least the dependencies for known vulnerabilities with the command below on a nightly basis:
docker run \
--mount type=bind,source="$(pwd)/composer.lock",target=/tmp/composer.lock \
ghcr.io/symfony-cli/symfony-cli:v5 \
security:check \
--dir /tmp/composer.lock \
--disable-exit-code=0
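
One way to turn the nightly check above into a report and a pass/fail signal. This is an added example, not part of the original answer or of Spryker's or Symfony's code. It assumes the checker is run with JSON output and that the report maps each package to a `version` and a list of `advisories` with `title`, `link` and `cve` fields. The `summarize` function, the `accepted` list and the sample data are hypothetical.

```python
import json
import sys

# Constructed sample report (not real scan output). Assumed shape:
# {package: {"version": ..., "advisories": [{"title", "link", "cve"}]}}
SAMPLE_REPORT = """{
  "vendor/example-http": {"version": "v1.2.3", "advisories": [
    {"title": "Example: header injection", "link": "https://example.invalid/a1", "cve": "CVE-0000-00001"},
    {"title": "Example: cache poisoning", "link": "https://example.invalid/a2", "cve": ""}]},
  "vendor/example-yaml": {"version": "2.0.0", "advisories": [
    {"title": "Example: unsafe parsing", "link": "https://example.invalid/a3", "cve": "CVE-0000-00002"}]}
}"""


def summarize(report_text, accepted=frozenset()):
    """Return (exit_code, lines) for a JSON report.

    `accepted` holds advisory ids (CVE, or link when there is no CVE) that
    the team has triaged, so they no longer fail the nightly job.
    """
    # Empty or malformed output raises ValueError: a broken scan must not
    # be mistaken for a clean one.
    report = json.loads(report_text)
    if report == []:  # tolerate an empty list as "no findings"
        report = {}
    if not isinstance(report, dict):
        raise ValueError("unexpected report structure")
    lines, open_count = [], 0
    for package in sorted(report):
        entry = report[package]
        for adv in entry.get("advisories", []):
            adv_id = adv.get("cve") or adv.get("link") or adv.get("title", "?")
            status = "accepted" if adv_id in accepted else "OPEN"
            open_count += status == "OPEN"
            lines.append(f"{status:8} {package} {entry.get('version', '?')} "
                         f"{adv_id} {adv.get('title', '')}")
    return (1 if open_count else 0), lines


if __name__ == "__main__":
    # Nightly use: pipe the checker's JSON output into this script.
    code, lines = summarize(sys.stdin.read())
    print("\n".join(lines) or "no known advisories")
    sys.exit(code)
```

The printed lines can be archived as the nightly report, and a non-zero exit status marks the job as failed while any advisory is still open.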