# PHP - Composer
Note
The support for this language is currently in beta. Vulnerability results may be less accurate than normal.
We support tracking PHP dependencies installed using Composer dependency manager (opens new window). Either by looking at its composer.json
file or lock file composer.lock
(recommended). You will get the most accurate results if you let us scan your composer.lock
file because it contains resolved versions of your direct and indirect dependencies, hence we recommend to keep this file in your repository.
The composer.lock
file is generated whenever one of the following is run:
composer install
composer required
composer update
By keeping both your composer.json
and composer.lock
files committed to your repository, we will automatically scan them for dependencies, vulnerabilities and licenses when you have done any of our integrations to your CI/CD pipeline.
# Supported features
Package Manager | Security | License | Health |
---|---|---|---|
Composer | ✓ | ✓ | ✓ |