Keep your supply chain secure with patches for new security vulnerabilities.
Stay covered with easy licensing policy enforcement and intellectual property indemnification.
Ensure your open source dependencies are actively maintained, both now and into the future.
Choose the best open source packages from the start—and then stay on the best releases.
Take a seat at the table with the creators behind the software you use.
Works with GitHub, GitLab, Bitbucket, and more. Support for every cloud platform.
roave/security-advisories is a PHP library that prevents installation of Composer packages with known security vulnerabilities: no API, simply require it. This means that roave/security-advisories keeps known security vulnerabilities out of your project.
roave/security-advisories means you don't have to install and run an additional CLI tool for something that Composer can provide directly.
What does that mean?
roave/security-advisories compiles a list of conflict versions from into a composer metapackage, which has tons of advantages, like:
You can learn more about roave/security-advisories in this blog post written by the creator.
roave/security-advisories is available via the Packagist package manager.