Create PackageSecurityHealthCheck and Tests

[srichter]

This creates PackageSecurityHealthCheck which uses sensiolabs/security-checker to check your project's composer.lock for packages which have known vulnerabilities. It includes full test coverage.

[srichter]

Is Laravel 5.4 support still desired for this package? I can fix the tests further

[tylerwoonton]

@srichter Yeah, we support Laravel 5.4. If you wouldn't mind fixing the PHP 5.6 tests, that'd be great.

[Gman98ish]

@srichter

Code looks great, tests are all working, and it's a really cool idea.

Just for my own understanding, what's the use case for this? From what I can tell, this package just checks your composer.lock file, which doesn't change depending on your environment. So with that in mind, why would you use it in a health check over using the CLI tool directly?

(I might be mistaken with how the package works)

[srichter]

My thinking was that it would be good for in-production applications that aren't having much active development, so the packages might be outdated (and possibly vulnerable). You could always easily run the console command, but having up-to-date information on the /health endpoint allows the metric to be monitored.