PHP - Composer

See a breakdown of the file formats and features supported in PHP.

Debricked currently tracks PHP dependencies installed through the Composer dependency manager, using either the composer.json or composer.lock files.

Debricked recommends including the composer.lock file, as it contains resolved versions of both direct and indirect dependencies, leading to more accurate scan results.

The composer.lock file is generated whenever one of the following commands is executed:

composer install

composer require

composer update

If at least one of the supported files is committed to the repository, it will be automatically scanned for dependencies when integrated with the Debricked CI/CD pipeline.
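Why the lock file gives more accurate results, as an added example (not Debricked's code): composer.json only declares version constraints for root dependencies, while composer.lock lists every resolved package, including indirect ones. The acme/* packages and file contents are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample files (the acme/* packages are made up for illustration).
COMPOSER_JSON = json.loads("""{
  "require": {"php": ">=8.1", "acme/http-client": "^2.0"},
  "require-dev": {"acme/test-kit": "^1.4"}
}""")
COMPOSER_LOCK = json.loads("""{
  "packages": [
    {"name": "acme/http-client", "version": "2.3.1",
     "require": {"php": ">=8.0", "acme/uri": "^1.0"}},
    {"name": "acme/uri", "version": "1.0.7"}
  ],
  "packages-dev": [
    {"name": "acme/test-kit", "version": "1.4.2", "require": {"acme/diff": "^3.0"}},
    {"name": "acme/diff", "version": "3.0.0"}
  ]
}""")


def root_names(manifest):
    """Root dependencies from composer.json; names without a vendor/ prefix
    (php, ext-*, lib-*) are platform requirements, not packages."""
    return {name.lower() for key in ("require", "require-dev")
            for name in manifest.get(key, {}) if "/" in name}


def inventory(manifest, lock):
    """Map each locked package to its resolved version, whether it is a root
    (direct) dependency, and whether it is dev-only."""
    roots = root_names(manifest)
    result = {}
    for key, dev in (("packages", False), ("packages-dev", True)):
        for pkg in lock.get(key) or []:
            name = pkg["name"].lower()
            result[name] = {"version": pkg["version"], "direct": name in roots, "dev": dev}
    return result


def unlocked_roots(manifest, lock):
    """Root dependencies declared in composer.json but missing from the lock
    file, which indicates a stale lock file."""
    return sorted(root_names(manifest) - set(inventory(manifest, lock)))


if __name__ == "__main__":
    for name, info in sorted(inventory(COMPOSER_JSON, COMPOSER_LOCK).items()):
        print(name, info)
    print("unlocked:", unlocked_roots(COMPOSER_JSON, COMPOSER_LOCK))
```

A non-empty result from unlocked_roots means composer.lock no longer matches composer.json and should be regenerated before it is committed for scanning.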

Supported file formats and features

Package Manager
Supported File Formats
Root dependencies
Indirect dependencies
Dependency trees
Security Scanning
License Scanning
Root Fix
Pull Request
Vulnerable Functionality
High Performance Scan

Composer

composer.json

Yes

Composer

composer.lock

Yes*

*This is a native lock file format. Native lock file formats are the fastest formats to scan.
