Created
February 20, 2013 09:42
-
-
Save frastel/4994316 to your computer and use it in GitHub Desktop.
Ant target for executing composer.lock vulnerability check provided by SensioLabs https://security.sensiolabs.org without using the CLI command. The command "ant lock_check" will do everything you need for this check. The definition assumes existing folder structure from http://jenkins-php.org/, you may want to modify those paths.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <project name="Project-name-here" default="build" basedir="."> | |
| <target name="lock_check" description="Checks for vulnerabilities through a SensioLabs web service" | |
| depends="lock_reset,lock_get,lock_show"> | |
| <local name="vulnerabilities.clean"/> | |
| <loadfile property="vulnerabilities.clean" | |
| srcfile="${basedir}/build/logs/check_lock.log"> | |
| <filterchain> | |
| <linecontainsregexp> | |
| <regexp pattern="No known\* vulnerabilities detected"/> | |
| </linecontainsregexp> | |
| </filterchain> | |
| </loadfile> | |
| <fail message="Vulnerabilities detected" unless="vulnerabilities.clean"/> | |
| </target> | |
| <target name="lock_reset" description="Deletes any existing old lock check log files"> | |
| <delete file="${basedir}/build/logs/check_lock.log" failonerror="false" quiet="true"/> | |
| </target> | |
| <target name="lock_get" description="Checks for vulnerabilities through a SensioLabs web service"> | |
| <exec dir="${basedir}" executable="curl" failonerror="true"> | |
| <arg value="--silent"/> | |
| <arg value="-o"/> | |
| <arg value="${basedir}/build/logs/check_lock.log"/> | |
| <arg value="-H"/> | |
| <arg value="Accept: text/plain"/> | |
| <arg value="https://security.sensiolabs.org/check_lock"/> | |
| <arg value="-F"/> | |
| <arg value="lock=@composer.lock"/> | |
| </exec> | |
| </target> | |
| <target name="lock_show" description="Displays the result of a vulnerability check"> | |
| <exec dir="${basedir}" executable="cat" failonerror="false"> | |
| <arg value="${basedir}/build/logs/check_lock.log"/> | |
| </exec> | |
| </target> | |
| </project> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment