Spryker security checker
Security Update Checker is a tool that checks if security fixes exist for Spryker modules that are present in your project.
Problem description
A project can sometimes use dependencies that contain known vulnerabilities. To minimize the security risk for the project, update these dependencies to a version in which the vulnerability is fixed.
Example of an evaluator error message
========================
SPRYKER SECURITY CHECKER
========================
Message: Security update available for the module spryker/price-product-merchant-relationship-storage, actual version 1.14.0
Target: spryker/price-product-merchant-relationship-storage:1.15.0
Example of code that causes an evaluator error
Your composer.lock file contains package versions that have security issues:
...
{
    "name": "spryker/price-product-merchant-relationship-storage",
    "version": "1.14.0",
    "source": {
        "type": "git",
        "url": "https://github.com/spryker/price-product-merchant-relationship-storage.git",
        ...
    },
    ...
Resolve the error
To resolve the error, upgrade the package to a version where the vulnerability is fixed.
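A check you can run after the upgrade to confirm that composer.lock now meets every Target version the evaluator reported. This is an added example, not part of the Spryker tooling: the function names and both sample inputs are constructed, and the report format is assumed to match the message shown above.

```python
import json
import re

# Constructed sample of evaluator output, in the format of the message shown above.
SAMPLE_REPORT = """\
========================
SPRYKER SECURITY CHECKER
========================
Message: Security update available for the module spryker/price-product-merchant-relationship-storage, actual version 1.14.0
Target: spryker/price-product-merchant-relationship-storage:1.15.0
"""

# Constructed, minimal composer.lock content (a real lock file carries many more fields).
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "spryker/price-product-merchant-relationship-storage", "version": "1.14.0"}],
    "packages-dev": [],
})

TARGET_RE = re.compile(r"^Target:\s*(?P<name>[a-z0-9._-]+/[a-z0-9._-]+):(?P<version>\S+)\s*$", re.M)

def parse_targets(report):
    """Return {package: fixed_version} from the 'Target:' lines of a report."""
    return {m["name"]: m["version"] for m in TARGET_RE.finditer(report)}

def locked_versions(lock_text):
    """Return {package: version} for 'packages' and 'packages-dev' in composer.lock."""
    lock = json.loads(lock_text)
    entries = lock.get("packages", []) + lock.get("packages-dev", [])
    return {p["name"]: p["version"] for p in entries}

def version_key(version):
    """Turn '1.14.0' or 'v1.14.0' into (1, 14, 0); a '-suffix' is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version.lstrip("v").split("-")[0]))

def outstanding(report, lock_text):
    """List (package, locked, target) where the lock file is still below the target."""
    locked = locked_versions(lock_text)
    result = []
    for name, target in sorted(parse_targets(report).items()):
        current = locked.get(name)
        # Branch versions such as 'dev-master' have no numbers and are reported as outstanding.
        if current is not None and version_key(current) < version_key(target):
            result.append((name, current, target))
    return result

if __name__ == "__main__":
    for name, current, target in outstanding(SAMPLE_REPORT, SAMPLE_LOCK):
        print(f"{name}: locked {current}, needs {target}")
```

In a pipeline, pass the saved evaluator output and the project's composer.lock contents to outstanding() and fail the job when the returned list is not empty.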
Run only this checker
To run only this checker, include SPRYKER_SECURITY_CHECKER in the checkers list. Example:
vendor/bin/evaluator evaluate --checkers=SPRYKER_SECURITY_CHECKER