PHP - Composer
See a breakdown of the file formats and features supported in PHP.
Debricked currently supports tracking PHP dependencies installed via the Composer dependency manager, using the composer.json files or composer.lock files.
We recommend committing the composer.lock file, as it contains resolved versions of your direct and indirect dependencies, which results in more accurate scan results.
The composer.lock file is generated whenever one of the following is run:
If at least one of the supported files is committed to your repository, it will be automatically scanned for dependencies when you have done any of our integrations to your CI/CD pipeline.
Supported file formats and features
| Package Manager | Supported File Formats | Root dependencies | Indirect dependencies | Dependency trees | Security Scanning | License Scanning | Root Fix | Pull Request | Vulnerable Functionality | High Performance Scan |
|---|---|---|---|---|---|---|---|---|---|---|
Composer | composer.json | Yes | ||||||||
Composer | composer.lock | Yes* |
*This is a native lock file format. Native lock file formats are the fastest formats to scan.
Last updated
