✔️ Identify potentially unwanted changes made to your project dependencies using the Sansec Composer integrity plugin
✔️ Scan files automatically via cron or as a manual admin action
✔️ Email and admin notifications for packages that do not meet your desired integrity rating
✔️ Configure a safe list to reduce the noise generated by the scanner
✔️ Supports Magento Open Source and Adobe Commerce
✔️ Theme agnostic
✔️ Dedicated module configuration section secured with custom admin user controls
✔️ Seamless integration with Magento
✔️ Built with developers and extensibility in mind to make customisations as easy as possible
✔️ Installable via Composer
Run the following command to install this module:
composer require element119/module-sansec-composer-integrity-checker
php bin/magento setup:upgradeIt is also recommended that you enable the scans and lock the related config value:
php bin/magento config:set --lock-config system/sansec_composer_integrity_checker/scan_enable 1Run the following command to update this module:
composer update element119/module-sansec-composer-integrity-checker
php bin/magento setup:upgradeRun the following command to uninstall this module:
composer remove element119/module-sansec-composer-integrity-checker
php bin/magento setup:upgradeConfiguration for this module can be found in the Magento admin under Stores -> Settings -> Configuration -> Advanced -> System -> Sansec Composer Integrity Checker
The results of the most recent scan can be seen in the admin by navigating to Reports -> Sansec Composer Integrity Checker -> Integrity Status.
The Sansec Composer integrity scan can be disabled by setting this option to No. This is set to Yes by default.
The value specified here determines the minimum match percentage required for the integrity checks to be considered sucessful. Admins will be notified of any packages that fail to meet this number via a warning and email notifications will be sent if enabled.
Determines whether to only show packages that have failed to meet the match threshold in the admin grid. This feature is
disabled by default but can be enabled by setting this option to Yes.
Allow emails to be sent when the Sansec Composer integrity checker finds discrepancies with your dependency files.
This feature is disabled by default but can be enabled by setting this option to Yes. Once enabled you will be able
to configure a threshold for dependency matching as well as a list of email address to notify when a failure occurs.
This option is only considered when integrity failure emails are enabled. These dynamic rows allow you to configure a series of email addresses that should be notified when packages fail to meet the configured threshold.
Allows specified packages to be removed from various reporting channels. This feature is disabled by default but can
be enabled by setting this option to Yes.
This option is only considered when the package ignore list is enabled. These dynamic rows allow you to configure a
set of packages that should be ignored for various reporting channels. The values expected here are the Composer
package names in the format vendor/package-name.
This option is only considered when the package ignore list is enabled. This feature is disabled by default but can
be enabled by setting this option to Yes. When enabled, ignored packages will be removed from the admin grid.
This option is only considered when the package ignore list is enabled. This feature is disabled by default but can
be enabled by setting this option to Yes. When enabled, ignored packages will not be considered when determining
whether to display the admin notification and the number of packages it reports as having failed to meet the
threshold.
This option is only considered when email notifications are enabled and when the package ignore list is enabled.
This feature is disabled by default but can be enabled by setting this option to Yes. When enabled, ignored
packages will be removed from email notifications.
