Snyk for PHP
The following describes how to use Snyk to scan your PHP projects:
How Snyk analyzes and builds the dependency tree depends on the language and package manager of the project, as well as the location of your project.
To build the dependency tree, Snyk analyzes the composer.lock files that it finds to determine the dependencies and their versions.
- Ensure you've installed the relevant package manager before you begin using the Snyk CLI tool.
- Ensure you've included the relevant manifest files supported by Snyk before testing.
- Install and authenticate the Snyk CLI to start analyzing projects from your local environment.
There are no unique parameters when running Snyk for PHP.
PHP projects can be imported from any of the Git services we support. Once imported, Snyk analyzes your projects based on their supported manifest files.
Once you select a project for import, we build the dependency tree based on these manifest files:
By default, Snyk scans your production dependencies. From the Snyk UI you can configure whether to include your development dependencies (require-dev) in the scan for vulnerabilities.
1. Log in to your account and navigate to the relevant group and organization that you want to manage.
2. Click on settings > Languages.
3. Click Edit settings for PHP and select Scan dev dependencies so that scans of your PHP projects in that organization include both development and production dependencies.
4. Click Update settings.
These settings will then be applied to all newly imported projects, and once re-tested, to all existing projects.
The following error messages may appear when working with your PHP projects:
- composer.json or composer.lock not found in path
- Manifest file not found in path
- Lockfile missing packages property
- Lockfile or manifest file is not a valid JSON
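A pre-flight check for the conditions behind these messages, which also shows how the production-only default differs from a scan that includes development dependencies. This is an added example, not Snyk's code: preflight, write_project and the acme/* sample packages are hypothetical, and the condition mapped to each message is an assumption ("Manifest file not found in path" is not modelled).

```python
import json
import tempfile
from pathlib import Path

# Messages quoted from the page; the condition mapped to each is an assumption.
ERR_NOT_FOUND = "composer.json or composer.lock not found in path"
ERR_BAD_JSON = "Lockfile or manifest file is not a valid JSON"
ERR_NO_PACKAGES = "Lockfile missing packages property"

# Constructed sample data (acme/* packages do not refer to real projects).
SAMPLE_MANIFEST = {"require": {"acme/http": "^1.0"},
                   "require-dev": {"acme/testkit": "^2.0"}}
SAMPLE_LOCK = {"packages": [{"name": "acme/http", "version": "1.4.2"}],
               "packages-dev": [{"name": "acme/testkit", "version": "2.0.1"}]}


def preflight(project_dir, include_dev=False):
    """Return (error, {name: version}); error is None if the files parse."""
    docs = {}
    for name in ("composer.json", "composer.lock"):
        path = Path(project_dir) / name
        if not path.is_file():
            return ERR_NOT_FOUND, {}
        try:
            docs[name] = json.loads(path.read_text(encoding="utf-8"))
        except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
            return ERR_BAD_JSON, {}
        if not isinstance(docs[name], dict):
            return ERR_BAD_JSON, {}
    lock = docs["composer.lock"]
    if not isinstance(lock.get("packages"), list):
        return ERR_NO_PACKAGES, {}
    # composer.lock keeps production packages and "packages-dev" separately.
    entries = list(lock["packages"])
    if include_dev:
        entries += lock.get("packages-dev") or []
    return None, {p["name"]: p.get("version") for p in entries
                  if isinstance(p, dict) and "name" in p}


def write_project(root, manifest_text, lock_text):
    (Path(root) / "composer.json").write_text(manifest_text, encoding="utf-8")
    (Path(root) / "composer.lock").write_text(lock_text, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_project(tmp, json.dumps(SAMPLE_MANIFEST), json.dumps(SAMPLE_LOCK))
        print(preflight(tmp), preflight(tmp, include_dev=True))
```

Run against a real checkout before importing or testing it; a package that appears only with include_dev=True is one the default production-only scan does not cover.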