Does Spryker scan the code for Vulnerabilities?

vikram.bishnoi
Hi,
Just wanted to check if Spryker performs a periodic scan over the deployed code to identify the vulnerabilities. If yes, then how can we enable this and get the report as well?
Thanks
Vikram
Comments
To my knowledge there is no automatic scanning of the deployed code for security vulnerabilities.
What we do on a project level is to check at least the dependencies for known vulnerabilities with the command below on a nightly basis:
docker run \
--mount type=bind,source="$(pwd)/composer.lock",target=/tmp/composer.lock \
ghcr.io/symfony-cli/symfony-cli:v5 \
security:check \
--dir /tmp/composer.lock \
--disable-exit-code=01
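
An added example, not part of the original reply and not Spryker or Symfony code: a nightly job usually needs to alert only on findings that are new since the previous run. The script below assumes the check was run with a JSON output format and that the report maps each package to its version and a list of advisories (title, link, cve); the sample reports, package names and advisory ids are constructed.

```python
import json
import sys

# Constructed sample reports (package names and advisory ids are made up).
# Assumed report shape: {package: {"version": str, "advisories": [{"title", "link", "cve"}]}}
LAST_NIGHT = json.dumps({
    "acme/http-client": {"version": "1.2.0", "advisories": [
        {"title": "Constructed advisory A", "link": "https://example.invalid/a", "cve": "CVE-0000-0001"}]},
    "acme/yaml": {"version": "3.0.1", "advisories": [
        {"title": "Constructed advisory B", "link": "https://example.invalid/b", "cve": "CVE-0000-0002"}]},
})
TONIGHT = json.dumps({
    "acme/http-client": {"version": "1.2.0", "advisories": [
        {"title": "Constructed advisory A", "link": "https://example.invalid/a", "cve": "CVE-0000-0001"},
        {"title": "Constructed advisory C", "link": "https://example.invalid/c", "cve": ""}]},
    "acme/templating": {"version": "2.4.0", "advisories": [
        {"title": "Constructed advisory D", "link": "https://example.invalid/d", "cve": "CVE-0000-0004"}]},
})


def flatten(report_text):
    """Map (package, advisory id) -> finding for one JSON report."""
    report = json.loads(report_text) if report_text.strip() else {}
    if not isinstance(report, dict):  # tolerate an empty list meaning "no findings"
        report = {}
    findings = {}
    for package, entry in sorted(report.items()):
        for adv in entry.get("advisories", []):
            # Not every advisory has a CVE; fall back to its link so it still has a stable id.
            adv_id = adv.get("cve") or adv.get("link", "")
            findings[(package, adv_id)] = {"package": package, "version": entry.get("version", ""),
                                           "id": adv_id, "title": adv.get("title", "")}
    return findings


def triage(tonight_text, baseline_text="", accepted=()):
    """Split tonight's findings into new and already known, and list what is gone since the baseline."""
    tonight, baseline = flatten(tonight_text), flatten(baseline_text)
    live = {k: f for k, f in tonight.items() if k[1] not in set(accepted)}
    return {"new": [f for k, f in live.items() if k not in baseline],
            "known": [f for k, f in live.items() if k in baseline],
            "fixed": [f for k, f in baseline.items() if k not in tonight]}


if __name__ == "__main__":
    result = triage(TONIGHT, LAST_NIGHT, accepted=["CVE-0000-0004"])
    for finding in result["new"]:
        print("NEW  {package} {version}: {id} {title}".format(**finding))
    print("%d known, %d fixed" % (len(result["known"]), len(result["fixed"])))
    sys.exit(1 if result["new"] else 0)  # fail the nightly job only on new findings
```

Store each night's report as the next night's baseline, and keep the accepted list in version control so every suppressed advisory has a reviewable history.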