Supported frameworks and package managers

Code analysis

Interfile is supported, as the data flow is monitored between multiple files.

Snyk Code supports the following frameworks:

  • Symfony

  • Laravel

  • PHP Standards

Open source and licensing

Open source policy

To manage licenses from your developer workflows through policy, see the following topics:

Open source license compliance

To check compliance for open source licenses, see Getting Started with Snyk License Compliance Management.

Open source supported features

Feature availability Features might not be available, depending on your plan. See pricing plans for more details.

Package managers / Features





License scanning

Fix PRs




After Snyk has built the dependencies tree, Snyk uses the vulnerability database to find vulnerabilities in any of the packages anywhere in the dependency tree.

To scan your dependencies, you must ensure you have first installed the relevant package manager, and that your Project contains the supported manifest files.

The way Snyk analyzes and builds the dependencies tree varies depending on the language and package manager of the Project, as well as the location of your Project.

Getting started with Snyk for PHP across environments

Snyk CLI


  1. Ensure you have installed the relevant package manager before you begin using the Snyk CLI (open source).

  2. Ensure you have included the relevant manifest files supported by Snyk before testing.

Code analysis

To start testing your code using Snyk Code open your repository in a terminal and run the following command:

snyk code test

To customize test options, run other commands, exclude directories and files, and explore the results in different formats, see the following:

Open source and licensing

To build the dependency tree, Snyk analyzes the composer.json and composer.lock files to identify the dependencies and their versions.

There are no unique options for use when running Snyk for PHP.

For more information about Snyk CLI see Getting started with the CLI.

Snyk Web UI (Git repository integration)

PHP Projects can be imported from any of the Git services Snyk supports. After Projects have been imported, Snyk analyzes your Projects based on their supported manifest files.

Once you select a Project for import, Snyk builds the dependency tree based on these manifest files. Both of the following files are required:

  • composer.json

  • composer.lock

If the composer.lock file is not present in the repository, the import will not process the composer.json manifest.

By default, Snyk scans your production dependencies. From the Snyk Web UI you can configure whether to include your development dependencies (require_dev) in the scan for vulnerabilities.

To update language preferences:

  1. Log in to your account and navigate to the relevant Group and Organization that you want to manage.

  2. Select Settings, then Languages.

  3. Select Edit settings for PHP and select Scan dev dependencies to set your PHP projects in the specific Organization to include both development and production dependencies.

  4. Select Update settings.

These settings are applied to all newly imported Projects and to all existing Projects when they are re-tested.

What's next?

Snyk integrations

🔗 For integrated development environments, see Use Snyk in your IDE.

🔗 If you prefer continuous integration/continuous delivery workflows, you can scan with Snyk based on the integration with your automation software (see Snyk CI/CD and Snyk API).


If you need help, contact Snyk Support.

Last updated

More information

Snyk privacy policy

© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.