Repman's built-in Security Scanner automatically checks whether your package depends on libraries with known security vulnerabilities.
It looks for composer.lock files in the package repository (several lock files per package are supported, e.g. in a monorepo) and reads the locked dependency list from them. Dependencies are taken only from composer.lock, so a package that ships no lock file has nothing for the scanner to check.
The locked versions are matched against the FriendsOfPHP Security Advisories database, which a cron job refreshes every two hours.
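The matching described above, as an added Python example (this is illustrative code, not Repman's implementation): it reads a composer.lock, compares each locked version against advisory version ranges written in the FriendsOfPHP advisory layout, and scans several lock files in one call. All package names, versions and advisories below are constructed for the demo, and the version comparison is a simplified stand-in for Composer's own constraint semantics.

```python
"""Scan composer.lock dependencies against FriendsOfPHP-style advisories.
Example code, not Repman's; advisories and lock contents are constructed."""
import json
import re
from typing import Iterable, Optional

# Constructed advisories in the shape of FriendsOfPHP's per-package YAML
# entries (title, reference, branches -> versions). Packages are made up.
ADVISORIES = [
    {
        "title": "Example: unsafe deserialization in acme/serializer",
        "reference": "composer://acme/serializer",
        "branches": {
            "1.x": {"versions": [">=1.0.0", "<1.4.2"]},
            "2.x": {"versions": [">=2.0.0", "<2.1.0"]},
        },
    },
    {
        "title": "Example: path traversal in acme/uploader",
        "reference": "composer://acme/uploader",
        "branches": {"0.x": {"versions": ["<0.9.1"]}},
    },
]

_CONSTRAINT = re.compile(r"^(>=|<=|>|<|==|=)?\s*v?([0-9][0-9A-Za-z.\-]*)$")
_OPS = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
        ">": lambda a, b: a > b, "<": lambda a, b: a < b,
        "=": lambda a, b: a == b, "==": lambda a, b: a == b}


def parse_version(version: str) -> Optional[tuple]:
    """Turn '1.2.3', 'v1.2' or '1.2.3-beta1' into a comparable tuple.
    Pre-release/build suffixes are dropped (simplification). Branch
    versions such as 'dev-main' carry no number and yield None."""
    core = re.split(r"[-+]", version.lstrip("vV"), maxsplit=1)[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    if not parts:
        return None
    return tuple(parts + [0] * (3 - len(parts)))


def matches(version: str, constraints: Iterable[str]) -> bool:
    """True when the version satisfies every constraint of an advisory branch."""
    v = parse_version(version)
    if v is None:
        return False  # dev-* versions cannot be placed in a numeric range
    for c in constraints:
        m = _CONSTRAINT.match(c.strip())
        if not m:
            raise ValueError(f"unsupported constraint: {c!r}")
        if not _OPS[m.group(1) or "="](v, parse_version(m.group(2))):
            return False
    return True


def scan_lock(lock_json: str) -> list:
    """One finding per locked package that falls into an advisory range.
    'packages-dev' is checked too: dev-only deps still run on CI and laptops.
    Packages with non-numeric (dev-*) versions are reported as unchecked."""
    lock = json.loads(lock_json)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            name, version = pkg["name"], pkg["version"]
            if parse_version(version) is None:
                findings.append({"package": name, "version": version,
                                 "status": "unchecked", "dev": section == "packages-dev"})
                continue
            for adv in ADVISORIES:
                if adv["reference"] != f"composer://{name}":
                    continue
                for branch, spec in adv["branches"].items():
                    if matches(version, spec["versions"]):
                        findings.append({"package": name, "version": version,
                                         "status": "vulnerable", "branch": branch,
                                         "dev": section == "packages-dev",
                                         "title": adv["title"]})
    return findings


def scan_repository(locks: dict) -> dict:
    """Scan several lock files (path -> content), e.g. a monorepo package."""
    return {path: scan_lock(content) for path, content in locks.items()}


# Constructed lock files: the second one lives in a sub-project directory.
SAMPLE_LOCKS = {
    "composer.lock": json.dumps({
        "packages": [
            {"name": "acme/uploader", "version": "0.9.1"},   # fixed version
            {"name": "acme/logger", "version": "3.0.0"},     # no advisory
            {"name": "acme/crypto", "version": "dev-main"},  # unversioned
        ],
        "packages-dev": [
            {"name": "acme/serializer", "version": "2.0.5"},  # in 2.x range
        ],
    }),
    "services/api/composer.lock": json.dumps({
        "packages": [{"name": "acme/serializer", "version": "v1.3.0"}],
    }),
}

if __name__ == "__main__":
    for path, findings in scan_repository(SAMPLE_LOCKS).items():
        print(path)
        for f in findings:
            print("  ", f)
```

Two details worth copying into a real scanner: dev-only dependencies are scanned as well, and branch versions like `dev-main` are surfaced as unchecked rather than silently treated as clean, since no numeric range can match them.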
When a vulnerability is detected:
- a WARNING status will appear in the packages list
- an email will be sent to all members of the organization (this can be turned off in the user profile)
Hovering over the status badge displays the result of the last scan.
Clicking on the status badge opens the full scan history.
A scan is performed every time the package is successfully synchronized, but you can also trigger a manual scan at any time from the package menu.