Skip to main content
Version: 6.4.0

Vulnerability scanner


Vulnerability scanner jest dodatkiem płatnym dostępnym w naszym Marketplace - Kup YetiForce Vulnerabilities

The tool checks if there are any vulnerabilities in external libraries that need to be removed. The functionality requires an internet connection as it sends information from composer.lock to an external service. The built-in security mechanism in the current version connects to the dedicated YetiForce Security service (


The vulnerability detector currently verifies on the worldwide CVE database:

  • some of the external libraries used by the system (e.g. libraries written in PHP),
  • vulnerabilities for the used version of PHP,
  • vulnerabilities for the webserver (Apache, Nginx),
  • vulnerabilities for libraries on the server: OpenSSL,
  • vulnerabilities for SQL engine (MySql, MariaDB).

Ultimately, the system will be able to verify all external libraries regardless of technology. We also plan to detect vulnerabilities in applications installed on the server, e.g. IMAP, PGP, etc.

Even though the application can only verify some libraries by default, the producer, checks for vulnerabilities in all libraries using tools such as , , , , and many other applications.



If no vulnerabilities were found, the following message will be displayed:


YetiForce Security Dependency Check

The vulnerability detection mechanism operates on the official CVE based vulnerability database available at

System Warnings

Vulnerability detection is also performed in the System warnings panel - the system regularly checks security gaps and informs the administrators about any potential threats that need to be dealt with.