PHP Application Analysis

NEW IN RELEASE 86

The Composer coordinate-based matching feature provides the ability to scan and evaluate the PHP dependencies recorded in a project's composer.lock file.

What is supported

Files named composer.lock (generated by PHP Composer) will be analyzed.

Integrations with Composer scanning support

  • CLI from version 86
  • Jenkins from version 3.8.20200310-130318.c482b58
  • Bamboo from version 1.15.1-01

Steps to analyze using the CLI

Invoke a CLI scan of a directory or subdirectories containing a composer.lock file. Instructions on how to do this can be found here: Nexus IQ CLI.

Example composer.lock file (file is edited for clarity)

{
  "hash": "8ca6b6b80bab36b5287b4292abee988f",
  "packages": [
    {
      "name": "bower-asset/bootstrap",
      "version": "v3.2.0",
      "source": {
        "type": "git",
        "url": "https://github.com/twbs/bootstrap.git",
        "reference": "c068162161154a4b85110ea1e7dd3d7897ce2b72"
      }
    },
    {
      "name": "bower-asset/jquery",
      "version": "2.1.1",
      "source": {
        "type": "git",
        "url": "https://github.com/jquery/jquery.git",
        "reference": "4dec426aa2a6cbabb1b064319ba7c272d594a688"
      }
    },
    {
      "name": "components/jqueryui",
      "version": "1.11.4"
    }
  ]
}
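As an added illustration (not Nexus IQ's own code, and not part of the original page), the following Python script shows what "coordinate-based" matching reads from a lock file like the one above: it parses composer.lock, collects the name/version pair for every locked package (including the optional packages-dev section, which this example adds to the sample), and notes which entries also carry a pinned VCS reference. Stripping a leading "v" from versions and treating an entry without a source reference as worth flagging are choices made by this example, not documented behaviour of the product; the sample lock content is constructed and the packages-dev entry is invented.

```python
"""Extract dependency coordinates from a composer.lock file.

Added example: this is not Nexus IQ's own code. It illustrates the
name/version coordinates a lock-file scanner reads from composer.lock.
"""
import json
from typing import Dict, List, Optional

# Constructed sample, shaped like the lock file shown on the page (abridged).
# The "packages-dev" entry and its vendor name are invented for illustration.
SAMPLE_LOCK = """
{
  "hash": "8ca6b6b80bab36b5287b4292abee988f",
  "packages": [
    {
      "name": "bower-asset/bootstrap",
      "version": "v3.2.0",
      "source": {
        "type": "git",
        "url": "https://github.com/twbs/bootstrap.git",
        "reference": "c068162161154a4b85110ea1e7dd3d7897ce2b72"
      }
    },
    {
      "name": "components/jqueryui",
      "version": "1.11.4"
    }
  ],
  "packages-dev": [
    {
      "name": "example-vendor/dev-only-tool",
      "version": "v2.0.1",
      "source": {
        "type": "git",
        "url": "https://example.invalid/dev-only-tool.git",
        "reference": "0000000000000000000000000000000000000000"
      }
    }
  ]
}
"""


def normalize_version(version: str) -> str:
    """Strip a leading 'v' (e.g. 'v3.2.0' -> '3.2.0').

    Assumption of this example: coordinates are compared without the
    optional 'v' prefix that Composer version tags often carry.
    """
    if version.startswith("v") and version[1:2].isdigit():
        return version[1:]
    return version


def extract_coordinates(lock_text: str, include_dev: bool = True) -> List[Dict[str, Optional[str]]]:
    """Return one record per locked package: name, normalized version,
    scope ('prod' or 'dev'), and the VCS reference if the lock pins one."""
    lock = json.loads(lock_text)
    sections = [("prod", lock.get("packages", []))]
    if include_dev:
        sections.append(("dev", lock.get("packages-dev", [])))
    coords: List[Dict[str, Optional[str]]] = []
    for scope, packages in sections:
        for pkg in packages:
            source = pkg.get("source") or {}
            coords.append({
                "name": pkg["name"],
                "version": normalize_version(pkg["version"]),
                "scope": scope,
                "source_type": source.get("type"),
                "source_reference": source.get("reference"),
            })
    return coords


def packages_without_pinned_source(coords: List[Dict[str, Optional[str]]]) -> List[str]:
    """Names of packages whose lock entry carries no VCS reference, so the
    locked artifact can only be identified by name and version."""
    return [c["name"] for c in coords if not c["source_reference"]]


if __name__ == "__main__":
    found = extract_coordinates(SAMPLE_LOCK)
    for c in found:
        print(f"{c['scope']:4} {c['name']}@{c['version']}  ref={c['source_reference'] or '-'}")
    print("no pinned source:", packages_without_pinned_source(found))
```

Run it against a real composer.lock by replacing SAMPLE_LOCK with the file's contents; pass include_dev=False to restrict the listing to the production dependency set, which is usually the one that matters for a deployed application.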

Output from CLI

Dashboard results

Report results