
Security Monitoring

Private Packagist alerts you when security vulnerabilities are reported for Composer dependencies in your projects.

Notifications are available by email, as webhooks and in Slack or Microsoft Teams.


Get in touch with us: send an e-mail to contact@packagist.com or chat with us.

Stay on top of security issues with Private Packagist

A security issue is identified in an open-source library and reported in an advisory database like the PHP Security Advisories Database.

We scan composer.lock files in your projects for dependency versions affected by the reported vulnerability.

We notify you about insecure projects by email, by webhook to any URL of your choice, on Slack, or on Microsoft Teams.

Resolve Security Issues

We tell you which versions are safe depending on whether you are willing to jump to a new feature release or want the bugfix only.

You can manually mark issues resolved if they do not affect your project or if they are irrelevant for another reason.

When you commit a change to your composer.lock, we automatically close the security issue with a link to the commit that fixed it.


Keep the Overview

You can see how many security issues are open across all projects and filter your package list to get an overview of projects requiring attention.

Weekly or monthly summary emails help you track progress as you update your dependencies.

Do you have any questions or are you missing anything? Contact us at contact@packagist.com or chat with us.