Enhancement: Run 'composer audit' on GitHub Actions and in Makefile

.github/settings.yml

@@ -17,6 +17,7 @@ branches:
           - "Code Coverage (7.4, locked)"
           - "Coding Standards (7.4, locked)"
           - "Dependency Analysis (7.4, locked)"
+          - "Security (7.4, locked)"
           - "Static Code Analysis (7.4, locked)"
           - "Tests (7.4, highest)"
           - "Tests (7.4, locked)"

.github/workflows/integrate.yaml

@@ -177,6 +177,39 @@ jobs:
       - name: "Run maglnet/composer-require-checker"
         run: ".phive/composer-require-checker check --config-file=$(pwd)/composer-require-checker.json"
 
+  security:
+    name: "Security"
+
+    runs-on: "ubuntu-latest"
+
+    strategy:
+      matrix:
+        php-version:
+          - "7.4"
+
+        dependencies:
+          - "locked"
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/[email protected]"
+
+      - name: "Set up PHP"
+        uses: "shivammathur/[email protected]"
+        with:
+          coverage: "none"
+          extensions: "none, ctype, dom, json, mbstring, phar, simplexml, tokenizer, xml, xmlwriter"
+          php-version: "${{ matrix.php-version }}"
+
+      - name: "Set up problem matchers for PHP"
+        run: "echo \"::add-matcher::${{ runner.tool_cache }}/php.json\""
+
+      - name: "Validate composer.json and composer.lock"
+        run: "composer validate --ansi --strict"
+
+      - name: "Check installed packages for security vulnerability advisories"
+        run: "composer audit"
+
   static-code-analysis:
     name: "Static Code Analysis"
 

Makefile

@@ -39,3 +39,4 @@ tests: vendor ## Runs unit tests with phpunit/phpunit
 vendor: composer.json composer.lock
 	composer validate --strict
 	composer install --no-interaction --no-progress
+	composer audit