Merge branch 'hotfix/security-checker'

Signed-off-by: Aleksandr Beshkenadze <ab@caesar.team>

Author: beshkenadze

Dockerfile

@@ -76,10 +76,27 @@ RUN bash init_db.sh postgres & wait-for-it.sh 127.0.0.1:5432 -- echo "postgres i
 FROM node:10-alpine AS yarn-enc
 COPY . .
 RUN yarn install && yarn encore production
+
+## ---- security-checker ----
+FROM base AS security-checker
+## install vendors
+RUN apk add --no-cache git make musl-dev go
+# Configure Go
+ENV GOROOT /usr/lib/go
+ENV GOPATH /usr/src/go
+ENV PATH /usr/src/go/bin:$PATH
+RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin /usr/src/go /usr/src/security-checker
+RUN curl -Lo /usr/src/security-checker.tar.gz https://github.com/fabpot/local-php-security-checker/archive/v1.0.0.tar.gz
+RUN tar -xvzf /usr/src/security-checker.tar.gz -C /usr/src/
+RUN cd /usr/src/local-php-security-checker-1.0.0 && go build
+RUN chmod +x /usr/src/local-php-security-checker-1.0.0/local-php-security-checker && cp /usr/src/local-php-security-checker-1.0.0/local-php-security-checker /usr/local/bin/
+
+
 ## ---- Dependencies ----
 FROM base AS dependencies
 ## install vendors
 USER www-data
+COPY --chown=www-data:www-data --from=security-checker /usr/local/bin/local-php-security-checker /usr/local/bin/local-php-security-checker
 RUN APP_ENV=prod composer install --prefer-dist --no-plugins --no-scripts --no-dev --optimize-autoloader
 #
 ## ---- Release ----

composer.json

@@ -99,7 +99,7 @@
         "auto-scripts": {
             "cache:clear": "symfony-cmd",
             "assets:install %PUBLIC_DIR%": "symfony-cmd",
-            "security:check": "symfony-cmd"
+            "local-php-security-checker --path=/var/www/html/composer.lock --format=ansi": "script"
         },
         "post-install-cmd": [
             "@auto-scripts"