github.com/symfony-cli/symfony-cli@v0.0.0-20240514161054-ece2df437dfa/README.md

github.com/symfony-cli/symfony-cli@v0.0.0-20240514161054-ece2df437dfa/README.md (about)

     1  <p align="center"><a href="https://symfony.com" target="_blank">
     2      <img src="https://symfony.com/logos/symfony_black_02.svg">
     3  </a></p>
     4  
     5  The [Symfony binary][1] is a must-have tool when developing Symfony applications
     6  on your local machine. It provides:
     7  
     8  * The best way to [create new Symfony applications][2];
     9  * A powerful [local web server][3] to develop your projects with support for [TLS certificates][4];
    10  * A tool to [check for security vulnerabilities][5];
    11  * Seamless integration with [Platform.sh][6].
    12  
    13  Installation
    14  ------------
    15  
    16  Read the installation instructions on [symfony.com][7].
    17  
    18  Signature Verification
    19  ----------------------
    20  
    21  Symfony binaries are signed using [cosign][8], which is part of [sigstore][9].
    22  Signatures can be verified as follows (OS and architecture omitted for clarity):
    23  
    24  ```console
    25  $ COSIGN_EXPERIMENTAL=1 cosign verify-blob --signature symfony-cli.sig symfony-cli
    26  tlog entry verified with uuid: "2b7ca2bfb7ee09114a15d60761c2a0a8c97f07cc20c02e635a92ba137a08a6de" index: 1261963
    27  Verified OK
    28  ```
    29  
    30  The above uses the (currently experimental) [keyless signing][10] method.
    31  Alternatively, one can verify the signature by also providing the certificate:
    32  
    33  ```console
    34  $ cosign verify-blob --cert symfony-cli.pem --signature symfony-cli.sig symfony-cli
    35  Verified OK
    36  ```
    37  
    38  Security Issues
    39  ---------------
    40  
    41  If you discover a security vulnerability, please follow our [disclosure procedure][11].
    42  
    43  Sponsorship [<img src="https://cloudposse.com/wp-content/uploads/2020/10/cloudsmith.svg" width="250" align="right" />](https://cloudsmith.io/)
    44  -----------
    45  
    46  Package repository hosting is graciously provided by
    47  [cloudsmith](https://cloudsmith.io/). Cloudsmith is the only fully hosted,
    48  cloud-native, universal package management solution, that enables your
    49  organization to create, store and share packages in any format, to any place,
    50  with total confidence. We believe there’s a better way to manage software
    51  assets and packages, and they're making it happen!
    52  
    53  [1]: https://symfony.com/download
    54  [2]: https://symfony.com/doc/current/setup.html#creating-symfony-applications
    55  [3]: https://symfony.com/doc/current/setup/symfony_server.html
    56  [4]: https://symfony.com/doc/current/setup/symfony_server.html#enabling-tls
    57  [5]: https://symfony.com/doc/current/setup.html#security-checker
    58  [6]: https://symfony.com/cloud
    59  [7]: https://symfony.com/download
    60  [8]: https://github.com/SigStore/cosign
    61  [9]: https://www.sigstore.dev/
    62  [10]: https://github.com/sigstore/cosign/blob/main/KEYLESS.md
    63  [11]: https://symfony.com/security