security-advisories is a part of the Tidelift Subscription

Tidelift is working with the maintainers of security-advisories and thousands of other projects to deliver commercial support and maintenance for the open source dependencies you use to build your applications.


The Tidelift Subscription

MANAGED OPEN SOURCE FOR APPLICATION DEVELOPMENT TEAMS

The Tidelift Subscription is a managed open source subscription for application dependencies covering millions of open source projects across JavaScript, Python, Java, PHP, Ruby, .NET, and more.

Your subscription includes:


SECURITY UPDATES

Keep your supply chain secure with patches for new security vulnerabilities.


LICENSING VERIFICATION AND INDEMNIFICATION

Stay covered with easy licensing policy enforcement and intellectual property indemnification.


MAINTENANCE AND CODE IMPROVEMENT

Ensure your open source dependencies are actively maintained, both now and into the future.


PACKAGE SELECTION AND VERSION GUIDANCE

Choose the best open source packages from the start—and then stay on the best releases.


ROADMAP INPUT

Take a seat at the table with the creators behind the software you use.


TOOLING AND CLOUD INTEGRATION

Works with GitHub, GitLab, Bitbucket, and more. Support for every cloud platform.

Bottom line: all the capabilities you expect—and require—from commercial software. But now, for all of the key open source software you depend on.


About security-advisories

roave/security-advisories is a Packagist library that is part of the Tidelift Subscription.

roave/security-advisories is a Composer metapackage that prevents installation of Composer packages with known security vulnerabilities: there is no API, you simply require it. Every affected version range is listed in the metapackage's conflict section, so Composer's dependency resolver refuses to select a vulnerable release of any package in your dependency graph. Because the filtering happens inside the resolver, it applies whenever Composer resolves versions (composer require, composer update); a lock file produced earlier is not re-checked until the next resolution, so keep the metapackage current.

roave/security-advisories means you don't have to install and run an additional CLI tool for something that Composer can provide directly.

What does that mean?

roave/security-advisories compiles a list of conflicting version ranges into a Composer metapackage, which has several advantages:

  • No files or actual dependencies are added to the project
  • Packages with security issues are filtered out during dependency resolution
  • No more CLI tool to run separately, no more CI setup steps
  • No need to upgrade the roave/security-advisories separately
  • No coupling or version constraints with any dependencies used by similar CLI-based alternatives
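The mechanism the list above relies on, shown as an added example that is not code from the roave/security-advisories project: a constructed metapackage composer.json containing only a conflict map (hypothetical package names and ranges, not real advisories), a constructed composer.lock excerpt, and a small Python checker that evaluates the same conflict ranges Composer's solver applies during resolution. The constraint parser handles only the comparison operators and the `|` / `,` combinators such lists use, and the version normalization ignores stability suffixes, which is a simplification of Composer's rules.

```python
import json
import re
from operator import eq, ge, gt, le, lt, ne

# Constructed stand-in for the metapackage's composer.json: no "require",
# no source files, only a "conflict" map of package name -> version range.
# Package names and ranges are hypothetical, not real advisories.
METAPACKAGE_JSON = """
{
    "name": "example/security-advisories",
    "type": "metapackage",
    "conflict": {
        "acme/http-kit": "<1.4.2",
        "acme/serializer": ">=2.0,<2.0.7|>=2.1,<2.1.3",
        "acme/fixtures": "<1.0"
    }
}
"""

# Constructed composer.lock excerpt (only the fields this check reads).
LOCK_JSON = """
{
    "packages": [
        {"name": "acme/http-kit", "version": "v1.4.1"},
        {"name": "acme/serializer", "version": "2.1.3"},
        {"name": "acme/orm", "version": "3.0.0"}
    ],
    "packages-dev": [
        {"name": "acme/fixtures", "version": "v0.9.0"}
    ]
}
"""

_OPS = {"<": lt, "<=": le, ">": gt, ">=": ge, "=": eq, "==": eq, "!=": ne}
_SIMPLE = re.compile(r"(<=|>=|!=|==|<|>|=)?v?(\d+(?:\.\d+)*)")


def normalize(version):
    """Reduce a version string to a 4-part integer tuple, the way Composer
    pads '2.0' to 2.0.0.0. A leading 'v' is dropped; stability suffixes such
    as '-beta1' are ignored (a simplification of Composer's rules)."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unsupported version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0, 0, 0, 0])[:4])


def _matches_simple(version, constraint):
    """Evaluate one bound such as '<1.4.2' or '>=2.0' against a version."""
    m = _SIMPLE.fullmatch(constraint.strip())
    if not m:
        raise ValueError(f"unsupported constraint: {constraint!r}")
    op = m.group(1) or "="
    return _OPS[op](normalize(version), normalize(m.group(2)))


def matches(version, constraint):
    """True if `version` falls inside a Composer-style conflict range.
    '|' or '||' separates OR alternatives; ',' separates AND-ed bounds.
    Only comparison operators are handled (no ~, ^ or wildcards)."""
    for alternative in re.split(r"\s*\|\|?\s*", constraint.strip()):
        bounds = [b for b in re.split(r"\s*,\s*", alternative) if b]
        if bounds and all(_matches_simple(version, b) for b in bounds):
            return True
    return False


def audit_lock(lock_json, metapackage_json):
    """Apply the metapackage's conflict map to every locked package and
    return (name, version, range) for each one that would be rejected.
    This is equivalent to the conflict check Composer's solver applies
    while resolving; running it over an existing lock file covers the gap
    the metapackage leaves between `composer update` runs."""
    conflicts = json.loads(metapackage_json)["conflict"]
    lock = json.loads(lock_json)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            rule = conflicts.get(pkg["name"])
            if rule and matches(pkg["version"], rule):
                findings.append((pkg["name"], pkg["version"], rule))
    return findings


if __name__ == "__main__":
    for name, version, rule in audit_lock(LOCK_JSON, METAPACKAGE_JSON):
        print(f"{name} {version} is blocked by conflict rule {rule}")
```

To use it against a real project, load the two JSON documents from disk instead of the constructed strings. Because the metapackage only acts when Composer resolves versions, a check like this over composer.lock is what catches a range added to the advisory list after the last composer update, for example in a CI job that runs composer install from a committed lock file.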

You can learn more about roave/security-advisories in this blog post written by the creator.

roave/security-advisories is available on Packagist, the package repository used by Composer.


FEATURED DOWNLOAD

The Tidelift guide to managed open source

Speed up development while increasing confidence in the open source software your organization uses
