Calling Developers!
We are reenergizing our code contribution process!
Learn MoreDoes Spryker scan the code for Vulnerabilities?
Options
vikram.bishnoi
Spryker Solution Partner Posts: 14 🧑🏻🚀 - Cadet
Hi,
Just wanted to check if Spryker performs periodic scan over the deployed code to identify the vulerabilities. If yes, then how can we enable this and get the report as well.
Thanks
Vikram
0
Comments
-
To my knowledge there is no automatic scanning of the deployed code for security vulnerabilities.
What we do on a project level is to check at least the dependencies for known vulnerabilities with the command below on a nightly base:
docker run \
--mount type=bind,source="$(pwd)/composer.lock",target=/tmp/composer.lock \
ghcr.io/symfony-cli/symfony-cli:v5 \
security:check \
--dir /tmp/composer.lock \
--disable-exit-code=01
Categories
- All Categories
- 42 Getting Started & Guidelines
- 7 Getting Started in the Community
- 8 Additional Resources
- 7 Community Ideas and Feedback
- 56 Spryker News
- 807 Developer Corner
- 682 Spryker Development
- 74 Spryker Dev Environment
- 360 Spryker Releases
- 33 Propel ORM
- 64 Community Projects
- Community Contribution - Ideation Board
- 30 Hackathon
- 3 PHP Bridge
- 6 Gacela Project
- 20 Job Opportunities
- 3.2K 📜 Slack Archives
- 116 Academy
- 5 Business Users
- 370 Docker
- 551 Slack General
- 2K Help
- 75 Knowledge Sharing
- 6 Random Stuff
- 4 Code Testing
- 28 Product & Business Questions
- 61 Spryker Safari Questions
- 49 Random