Does Spryker scan the code for Vulnerabilities?

vikram.bishnoi
vikram.bishnoi Spryker Solution Partner Posts: 15 🧑🏻‍🚀 - Cadet

Hi,

Just wanted to check if Spryker performs periodic scan over the deployed code to identify the vulerabilities. If yes, then how can we enable this and get the report as well.

Thanks

Vikram

Comments

  • Alberto Reyer
    Alberto Reyer Lead Spryker Solution Architect / Technical Director Posts: 690 🪐 - Explorer

    To my knowledge there is no automatic scanning of the deployed code for security vulnerabilities.

    What we do on a project level is to check at least the dependencies for known vulnerabilities with the command below on a nightly base:

    docker run \
    --mount type=bind,source="$(pwd)/composer.lock",target=/tmp/composer.lock \
    ghcr.io/symfony-cli/symfony-cli:v5 \
    security:check \
    --dir /tmp/composer.lock \
    --disable-exit-code=0