README.md +11 −0 Original line number Diff line number Diff line Loading @@ -150,3 +150,14 @@ It uses the following variable: | Name | description | default value | | ------------------- | ---------------------------------------- | ----------------- | | `PHP_OUTDATED_OPTS` | [`composer outdated` options](https://getcomposer.org/doc/03-cli.md#outdated) | `--direct` | ### `php-composer-audit` job This job performs a vulnerability scan in your dependencies with [`composer audit`](https://getcomposer.org/doc/03-cli.md#audit). It is bound to the `test` stage, and uses the following variables: | Name | description | default value | | ------------------- | ---------------------------------------- | ----------------- | | `PHP_COMPOSER_AUDIT_DISABLED` | Set to `true` to disable this job | _none_ (enabled) | | `PHP_COMPOSER_AUDIT_OPTS` | [`composer audit` options](https://getcomposer.org/doc/03-cli.md#audit) | `--locked` |
kicker.json +14 −0 Original line number Diff line number Diff line Loading @@ -74,6 +74,20 @@ "advanced": true } ] }, { "id": "audit", "name": "composer audit", "description": " Scan your dependencies for vulnerabilities with [`composer audit`](https://getcomposer.org/doc/03-cli.md#audit)", "disable_with": "PHP_COMPOSER_AUDIT_DISABLED", "variables": [ { "name": "PHP_COMPOSER_AUDIT_OPTS", "description": "[`composer audit` options](https://getcomposer.org/doc/03-cli.md#audit)", "default": "--locked", "advanced": true } ] } ] }
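Review bot: The new `audit` entry's `description` starts with a stray leading space (`" Scan your dependencies…"`), unlike the sibling entries in this file, so the rendered kicker text will carry that blank; drop it with `"description": "Scan your dependencies for vulnerabilities with [`composer audit`](https://getcomposer.org/doc/03-cli.md#audit)"`. The `disable_with` and `variables` entries match the README and template, so only the text needs the touch-up.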
templates/gitlab-ci-php.yml +12 −0 Original line number Diff line number Diff line Loading @@ -52,6 +52,7 @@ variables: # Version of the cyclonedx/cyclonedx-php-composer used for SBOM analysis PHP_SBOM_OPTS: "--exclude-plugins --exclude-dev" PHP_OUTDATED_OPTS: "--direct" PHP_COMPOSER_AUDIT_OPTS: "--locked" # default production ref name (pattern) PROD_REF: '/^(master|main)$/' Loading Loading @@ -370,3 +371,14 @@ php-sbom: - if: '$PHP_SBOM_DISABLED == "true"' when: never - !reference [.test-policy, rules] php-composer-audit: extends: .php-base stage: test script: - docomposer audit --no-interaction $PHP_COMPOSER_AUDIT_OPTS rules: # exclude if disabled - if: '$PHP_COMPOSER_AUDIT_DISABLED == "true"' when: never - !reference [.test-policy, rules]
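Review bot: The new `php-composer-audit` job defaults `PHP_COMPOSER_AUDIT_OPTS` to `--locked`, which makes `composer audit` require a `composer.lock`; projects that do not commit a lock file (a common choice for libraries) will fail this job on the missing file rather than on a finding, and nothing in the hunk documents that. Since the job has no `allow_failure`, a non-zero exit from `composer audit` blocks the pipeline, which is the right default for a vulnerability gate but is worth stating on the job, e.g. `# blocking: composer audit exits non-zero when a known advisory matches composer.lock (--locked); set PHP_COMPOSER_AUDIT_OPTS without --locked if the project has no lock file`. The `docomposer` helper and `.php-base` the job relies on are defined outside this hunk. In the first hunk, `PHP_COMPOSER_AUDIT_OPTS` lands under the "Version of the cyclonedx/cyclonedx-php-composer" comment that belongs to the SBOM variable; a one-line comment of its own above it would keep the variables block readable.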