fabpot/local-php-security-checker

Locally installed composer had not been checked

Closed this issue · 1 comment

Today I ran the local php security checker inside a project - bam - no vulnerabilities found. Perfect.

But the locally installed composer version is 2.0.14 - it seems that the binary did not detect CVE-2021-41116.

Would it be difficult to check composer itself? Or is that out of scope?

I would say that this is out of the scope of this utility which is about checking project dependencies independently of your local tools (Component, PHP? ...).