Does Spryker scan the code for Vulnerabilities?
vikram.bishnoi
Spryker Solution Partner Posts: 15 🧑🏻🚀 - Cadet
Hi,
Just wanted to check if Spryker performs periodic scan over the deployed code to identify the vulerabilities. If yes, then how can we enable this and get the report as well.
Thanks
Vikram
0
Comments
-
To my knowledge there is no automatic scanning of the deployed code for security vulnerabilities.
What we do on a project level is to check at least the dependencies for known vulnerabilities with the command below on a nightly base:
docker run \
--mount type=bind,source="$(pwd)/composer.lock",target=/tmp/composer.lock \
ghcr.io/symfony-cli/symfony-cli:v5 \
security:check \
--dir /tmp/composer.lock \
--disable-exit-code=01
Categories
- All Categories
- 42 Getting Started & Guidelines
- 7 Getting Started in the Community
- 8 Additional Resources
- 7 Community Ideas and Feedback
- 66 Spryker News
- 883 Developer Corner
- 747 Spryker Development
- 83 Spryker Dev Environment
- 360 Spryker Releases
- 3 Oryx frontend framework
- 33 Propel ORM
- 68 Community Projects
- 3 Community Ideation Board
- 30 Hackathon
- 3 PHP Bridge
- 6 Gacela Project
- 22 Job Opportunities
- 3.2K 📜 Slack Archives
- 116 Academy
- 5 Business Users
- 370 Docker
- 551 Slack General
- 2K Help
- 75 Knowledge Sharing
- 6 Random Stuff
- 4 Code Testing
- 32 Product & Business Questions
- 67 Spryker Safari Questions
- 50 Random