PHP
FOSSA supports PHP projects through Composer.
Tool | Quick Import (app.fossa.com) | CLI (fossa-cli) |
---|---|---|
Composer | composer.json | composer.lock |
CLI (fossa-cli) (Recommended)
To get started, install the latest release of fossa-cli from our GitHub releases page:
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
Once installed, run fossa analyze inside your repo's root directory to analyze your Composer project.
You can view our extended documentation here.
Quick Import (app.fossa.com)
If an exact version is not given (i.e. a version range is used), FOSSA will resolve the dependency to the highest version that satisfies the constraint, in compliance with the Composer versioning spec.
Currently, Repository Scanning of Composer projects has the following limitations:
- We do not elect versions based on the composer.lock file.
- We currently ignore stability tags (@dev, @stable, etc.).
- We ignore php and php extensions when inside the require key of composer.json.
- We only look at require for dependencies. Dev dependencies will be ignored (require-dev, repositories, replace will be ignored).
- Non-standard version constraints (i.e. dev-, or .x-dev) currently have stability issues.
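As an added example (not FOSSA's code), the script below labels each composer.json entry by which of the limitations above applies to it. It prints the composer.lock pin alongside, so you can see where the highest version satisfying a range may differ from what is actually installed. The acme/* packages, the label strings and the function names are assumptions made for illustration.

```python
import json
import re

# Constructed sample files; the acme/* packages are hypothetical.
MANIFEST = json.loads("""{
  "require": {"php": ">=8.1", "ext-json": "*", "acme/http": "^2.1",
              "acme/log": "1.4.2", "acme/queue": "^3.0@dev",
              "acme/tools": "dev-main"},
  "require-dev": {"acme/testkit": "^9.0"}
}""")
LOCK = json.loads("""{
  "packages": [{"name": "acme/http", "version": "2.3.0"},
               {"name": "acme/log", "version": "1.4.2"},
               {"name": "acme/queue", "version": "3.0.0-beta1"},
               {"name": "acme/tools", "version": "dev-main"}],
  "packages-dev": [{"name": "acme/testkit", "version": "9.5.1"}]
}""")

EXACT = re.compile(r"^=?v?\d+(\.\d+){0,3}(-[0-9A-Za-z.]+)?$")
DEV_BRANCH = re.compile(r"^dev-|\.x-dev$")

def classify(name, constraint):
    """Label one `require` entry by the Quick Import limitation it hits."""
    if name == "php" or name.startswith("ext-"):
        return "platform-ignored"           # php and php extensions are skipped
    if DEV_BRANCH.search(constraint):
        return "nonstandard-constraint"     # dev- / .x-dev constraints
    if "@" in constraint:
        return "stability-tag-ignored"      # @dev, @stable, ...
    if EXACT.match(constraint):
        return "exact"
    return "range-resolved-to-highest"      # lock file pin is not consulted

def audit(manifest, lock):
    """Return {package: (label, constraint, version pinned in composer.lock)}."""
    pinned = {p["name"]: p["version"] for p in lock.get("packages", [])}
    report = {}
    for name, constraint in manifest.get("require", {}).items():
        report[name] = (classify(name, constraint), constraint, pinned.get(name))
    for name, constraint in manifest.get("require-dev", {}).items():
        report[name] = ("dev-dependency-ignored", constraint, None)
    return report

if __name__ == "__main__":
    for name, (label, constraint, pin) in audit(MANIFEST, LOCK).items():
        print(f"{name:14} {constraint:10} lock={pin!s:12} {label}")
```
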
Package Data
FOSSA supports any package available on https://packagist.org/.
All code within a package is audited for license information. If a license file is declared by the license field in composer.json, it will be elected as a "Declared License" or "Primary License" in the FOSSA UI.
Updated 12 months ago