Use composer audit

tarlepp · tarlepp · commit 16ada13568b6 · 2024-08-31T12:37:37.000+03:00
diff --git a/Dockerfile b/Dockerfile
@@ -46,19 +46,12 @@ RUN chmod +x /app/bin/console
 RUN chmod +x /app/docker-entrypoint.sh
 RUN chmod +x /usr/bin/composer
 
-RUN curl -s https://api.github.com/repos/fabpot/local-php-security-checker/releases/latest | \
-        grep -E "browser_download_url(.+)linux_amd64" | \
-        cut -d : -f 2,3 | \
-        tr -d \" | \
-        xargs -I{} wget -O local-php-security-checker {} \
-    && mv local-php-security-checker /usr/bin/local-php-security-checker \
-    && chmod +x /usr/bin/local-php-security-checker
-
 RUN rm -rf /app/var \
     && mkdir -p /app/var \
     && rm -rf /app/docker \
     && rm -rf /app/public/check.php \
-    && php -d memory_limit=-1 /usr/bin/composer install --no-dev --optimize-autoloader
+    && php -d memory_limit=-1 /usr/bin/composer install --no-dev --optimize-autoloader \
+    && php /usr/bin/composer audit
 
 EXPOSE 9000
 
diff --git a/Dockerfile_dev b/Dockerfile_dev
@@ -85,14 +85,6 @@ COPY ./docker/php/www-dev.conf /usr/local/etc/php-fpm.d/www.conf
 
 RUN chmod -R o+s+w /usr/local/etc/php
 
-RUN curl -s https://api.github.com/repos/fabpot/local-php-security-checker/releases/latest | \
-        grep -E "browser_download_url(.+)linux_amd64" | \
-        cut -d : -f 2,3 | \
-        tr -d \" | \
-        xargs -I{} wget -O local-php-security-checker {} \
-    && mv local-php-security-checker /usr/bin/local-php-security-checker \
-    && chmod +x /usr/bin/local-php-security-checker
-
 RUN groupadd --gid ${HOST_GID} dev \
     && useradd \
         -p $(perl -e 'print crypt($ARGV[0], "password")' 'dev') \
diff --git a/docker-entrypoint-dev.sh b/docker-entrypoint-dev.sh
@@ -6,10 +6,11 @@ set -e
 #   0) Basic linting of current JSON configuration file
 #   1) Export needed environment variables
 #   2) Install all dependencies
-#   3) Generate JWT encryption keys
-#   4) Create database if it not exists yet
-#   5) Run possible migrations, so that database is always up to date
-#   6) Add needed symfony console autocomplete for bash
+#   3) Check if there are any security issues in dependencies
+#   4) Generate JWT encryption keys
+#   5) Create database if it not exists yet
+#   6) Run possible migrations, so that database is always up to date
+#   7) Add needed symfony console autocomplete for bash
 #
 
 # Step 0
@@ -25,15 +26,18 @@ export XDEBUG_SESSION=PHPSTORM
 COMPOSER_MEMORY_LIMIT=-1 composer install --optimize-autoloader
 
 # Step 3
-make generate-jwt-keys
+composer audit
 
 # Step 4
-./bin/console doctrine:database:create --no-interaction --if-not-exists
+make generate-jwt-keys
 
 # Step 5
-./bin/console doctrine:migrations:migrate --no-interaction --allow-no-migration --all-or-nothing
+./bin/console doctrine:database:create --no-interaction --if-not-exists
 
 # Step 6
+./bin/console doctrine:migrations:migrate --no-interaction --allow-no-migration --all-or-nothing
+
+# Step 7
 ./bin/console completion bash >> /home/dev/.bashrc
 
 exec "$@"
