Security Scanner
Repman's built-in Security Scanner automatically checks whether your package uses dependencies with known security vulnerabilities.
It looks for composer.lock files in your package repository (packages with multiple lock files are supported) and reads the list of dependencies from them.
It uses the FriendsOfPHP Security Advisories database, which is kept up to date by a cron job (at two-hour intervals).
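An added example, not Repman's own code, sketching the check described above: it reads the packages from a composer.lock document and matches their versions against advisories laid out like FriendsOfPHP entries. The lock content, package names and advisories are constructed; scanning packages-dev and the simplified numeric version comparison are assumptions.

```python
import json
import re

# Constructed composer.lock content; package names are hypothetical.
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "acme/http-client", "version": "v2.3.1"},
                 {"name": "acme/logger", "version": "1.4.0"}],
    "packages-dev": [{"name": "acme/test-utils", "version": "dev-main"}],
})
# Constructed advisories shaped like FriendsOfPHP entries: a composer://
# reference plus, per branch, constraints that must all hold for a match.
SAMPLE_ADVISORIES = [
    {"title": "Constructed advisory A", "reference": "composer://acme/http-client",
     "branches": {"2.x": {"versions": [">=2.0.0", "<2.3.5"]}}},
    {"title": "Constructed advisory B", "reference": "composer://acme/logger",
     "branches": {"1.x": {"versions": [">=1.0.0", "<1.3.0"]}}},
]
OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b, "==": lambda a, b: a == b,
       ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}

def parse_version(text):
    """'v2.3.1' -> (2, 3, 1, 0); None for dev branches and pre-release tags."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+){0,3})", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def satisfies(version, constraint):
    """Check one constraint such as '<2.3.5'; unparseable constraints never match."""
    m = re.fullmatch(r"(<=|>=|==|<|>)\s*(\S+)", constraint.strip())
    bound = parse_version(m.group(2)) if m else None
    return bound is not None and OPS[m.group(1)](version, bound)

def scan(lock_text, advisories):
    """Return (findings, skipped) for every package in a composer.lock document."""
    lock = json.loads(lock_text)
    findings, skipped = [], []
    for pkg in (lock.get("packages") or []) + (lock.get("packages-dev") or []):
        version = parse_version(pkg["version"])
        if version is None:
            skipped.append(pkg["name"])  # report rather than silently pass
            continue
        for adv in advisories:
            if adv["reference"] == "composer://" + pkg["name"] and any(
                    all(satisfies(version, c) for c in branch["versions"])
                    for branch in adv["branches"].values()):
                findings.append((pkg["name"], pkg["version"], adv["title"]))
    return findings, skipped
```

Packages whose version cannot be compared numerically (such as dev-main) are returned in the skipped list so they are not mistaken for clean results.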
When a vulnerability is detected:
- a WARNING status will appear in the packages list
- an email will be sent to all members of the organization (this can be turned off in the user profile)
Hovering over the status badge displays the last scan result.
Clicking on the status badge redirects to the full scan history.
A scan is performed every time the package is successfully synchronized, but you can always trigger a manual scan from the menu.