How it works?

1. Once a composer.lock is uploaded, it is scanned and all registered package details are extracted;
2. For each package, a deep source inspection is executed in its source code;
3. Once the analysis is complete, a report is generated and the uploaded composer.lock is removed;
4. The analysis report is then available for the next 24 hours through its unique link.

---

Go back