If you manage WordPress with Composer, you’ve probably noticed a gap: composer audit works great for PHP packages on Packagist, but it has no awareness of WordPress plugin and theme vulnerabilities. WP Sec Adv by @TangRufus was built to bring security advisory support to WordPress packages installed via Composer.
Read more on our blog: WP Sec Adv: WordPress Security Advisories for Composer | Roots