Documentation

Analysis

Two types of imports are available to perform an analysis of your project.

JSON

You can either paste in the JSON of your composer.lock file or choose the file directly from your computer. Once the analysis is complete, the JSON is kept in your session only, in case you want to save it as a project.

GIT

The first field lets you specify the location of the composer.lock file when it is not at the root of the repository.

For a public repository, simply enter the URL of the Git repository (https format). For a private repository, you must generate an access token and add it to the URL of the Git repository (https format), as in the example below the field.

The last field lets you specify a branch. If it is left empty, the default branch of the project is used.

Generate an access token with GitLab

To generate an access token with GitLab, follow the instructions in the GitLab manual: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html

Generate an access token with GitHub

To generate an access token with GitHub, follow the instructions in the GitHub manual: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens

Generate an access token with Bitbucket

To generate an access token with Bitbucket, follow the instructions in the Bitbucket manual: https://support.atlassian.com/bitbucket-cloud/docs/access-tokens/

Results

The analysis reveals all vulnerabilities in the dependencies listed in your composer.lock file. It also lists all abandoned dependencies.

You can create a project once the analysis is done. A project gives you the history of your analyses and additional information, and keeps you alerted to new vulnerabilities in your project.
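To see locally which packages and abandoned markers a composer.lock contains before submitting it, the following added example (not part of this documentation and not the service's own code) builds the inventory that a result like the one above is based on. It assumes the lock file's "packages" and "packages-dev" arrays and Composer's "abandoned" key (true, or the name of a replacement package); the sample lock content and the acme/* package names are constructed.

```python
import json

# Constructed sample, trimmed to the keys used here; not a real project's lock file.
SAMPLE_LOCK = """
{
  "content-hash": "constructed-sample",
  "packages": [
    {"name": "acme/http-client", "version": "2.4.1"},
    {"name": "acme/legacy-mailer", "version": "v1.0.3", "abandoned": "acme/mailer"}
  ],
  "packages-dev": [
    {"name": "acme/test-kit", "version": "0.9.0", "abandoned": true}
  ]
}
"""

def inventory(lock_text):
    """Return one dict per locked package: name, version, dev flag, abandoned status."""
    try:
        lock = json.loads(lock_text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from exc
    if not isinstance(lock, dict) or "packages" not in lock:
        raise ValueError("not a composer.lock: missing 'packages' array")
    rows = []
    for section, is_dev in (("packages", False), ("packages-dev", True)):
        # The section may be absent or null, so fall back to an empty list.
        for pkg in lock.get(section) or []:
            abandoned = pkg.get("abandoned", False)
            rows.append({
                "name": pkg["name"],
                "version": pkg["version"],
                "dev": is_dev,
                "abandoned": bool(abandoned),
                # A string value names the suggested replacement package.
                "replacement": abandoned if isinstance(abandoned, str) else None,
            })
    return rows

def abandoned_packages(rows):
    """Return (name, replacement-or-None) for every abandoned package."""
    return [(r["name"], r["replacement"]) for r in rows if r["abandoned"]]

if __name__ == "__main__":
    for name, replacement in abandoned_packages(inventory(SAMPLE_LOCK)):
        print(f"abandoned: {name} (replacement: {replacement or 'none suggested'})")
```

The abandoned marker in a lock file reflects the package metadata at the time the lock was written, so it can lag behind the package's current status.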