Since a couple days VersionEye is showing security vulnerabilities for PHP. If VersionEye is monitoring a composer.json/composer.lock file for you you will see a security tab in your project detail view, there all the known security vulnerabilities are displayed. The problem with that is that you still have to go into the project and into the security tab to see that. If you have many projects, that can be time consuming. It would be great to see directly in the project overview which of your projects are affected. And now it works like that. Now the vulnerable projects are marked completely red in the project overview.
That way you can see immediately which of your projects are affected and how many known security vulnerabilities are assigned to your project dependencies.
3 thoughts on “Improved Security Feature”
Got a feature request: Distinguish between dev and non-dev dependencies. In case my dev tools are out of date or have security issues I probably can live with it (as they only run on my local machine).
Feature request: Distinguish between dependencies (require) and dev-dependencies (require-dev). If my dev-dependencies are out-of-date or have security issues I can probably live with it as the tools only run on my local machine and never get deployed to production.
Yes. That makes sense. I guess the dependency badge works already like that. It only turn yellow/red if your compile dependencies are affected. Beside that you can “mute” dependencies to turn them “green” until the next version for the dependency comes out 😉