April 5, 2018 Javier Eguiluz

Security is the hardest part of most applications. Even if you follow the latest best practices about security in your own code, there's still the issue of inspecting the third-party code of the dependencies used in your projects.

You can't review every single line of external code used in your application. That's why we've created Symfony Security Monitoring, a service that continuously checks your dependencies for known security vulnerabilities. It's compatible with any PHP project that uses Composer.

The service is simple to use: upload the contents of your composer.lock file and we'll start monitoring those packages and those exact versions continuously to alert you as soon as a vulnerability is disclosed for them.

This continuous security monitoring is better than checking your dependencies automatically on your continuous integration platform. Instead of checking for vulnerabilities when building or deploying the project, we check them 24 hours a day, every day.

This service is also great for projects that you no longer work on or that receive little maintenance. In those cases, continuous integration is no longer of interest, and it's useful to have a bot instead that alerts you whenever a new vulnerability is discovered that impacts your project.

The pricing of the service is simple too. Instead of a monthly subscription, the service charges you once for three years of unlimited alerts and security checks for one project. The equivalent monthly price is as low as 2 euros.