PHP

Introduction

JFrog Xray provides security and compliance analysis for PHP applications throughout the software development lifecycle. This page describes the supported scan contexts, capabilities, and dependency analysis available for PHP.

Capabilities

Capability	Source Code Scanning	Binary Scanning
Vulnerability Matching (CVEs)	🔜	✅
License Detection	🔜	✅
Malicious Package Detection	🔜	✅
Operational Risk	❌	❌
Smart Remediation (Coming Soon)	❌	❌

SCA capabilities are not currently available for PHP in the source code scanning context.

Supported Files

Package Manager	Supported Files
Composer	❌ Not supported

Additional Information

Binary scanning is the primary method for PHP SCA analysis. Frogbot V3 will add dependency extraction from composer.lock for SBOM visibility.