Skip to content

composer.md

Latest commit

 

History

History
57 lines (42 loc) · 1.65 KB

composer.md

File metadata and controls

57 lines (42 loc) · 1.65 KB

Composer Analysis

When developing in PHP, composer is commonly used to manage dependencies.

Strategy Direct Deps Transitive Deps Edges Classifies Dev Dependencies Container Scanning
composer.lock

Project Discovery

Find a file named composer.lock.

Analysis

  1. Parse composer.lock to identify direct and transitive dependencies.

Example

  1. Execute composer init to create a new project or create composer.json manually:

Example composer.json:

{
    "name": "fossa/php-project",
    "description": "example php project",
    "require": {
        "michelf/php-markdown": "^1.9"
    },
    "require-dev": {
        "webmozart/assert": "^1.10"
    },
    "authors": [
        {
            "name": "Megh",
            "email": "megh@fossa.com"
        }
    ]
}
  1. Execute composer update to install and pin dependencies - this will create (or modify) the composer.lock file.
  2. Execute fossa analyze -o on the project to print analyzed dependency graphing (this will not upload any analysis to any endpoint)

FAQ

How do I only perform analysis for the composer?

You can explicitly specify an analysis target in .fossa.yml file. The example below will exclude all analysis targets except for the composer.

# .fossa.yml 

version: 3
targets:
  only:
    - type: composer