Open
Description
This is unfortunately a bigger issue because the challenge is to compare the composer.lock file with one or more vulnerability databases.
Currently, security issues for extensions are only stored in the TER database. These would have to be extracted and automatically converted to YAML files.
Links:
https://github.com/FriendsOfPHP/security-advisories/tree/master/typo3/cms
https://github.com/sensiolabs/security-checker