diff --git a/phpunit.xml b/phpunit.xml
index 696252c..8bada5f 100644
--- a/phpunit.xml
+++ b/phpunit.xml
@@ -9,6 +9,9 @@ beStrictAboutTodoAnnotatedTests="true" > + + tests/unit + tests/integration
@@ -19,4 +22,8 @@ src + + + +
diff --git a/tests/unit/AdvisoriesManagerTest.php b/tests/unit/AdvisoriesManagerTest.php
new file mode 100644
index 0000000..0e69dcd
--- /dev/null
+++ b/tests/unit/AdvisoriesManagerTest.php
@@ -0,0 +1,91 @@
+createManager($advisories);
+ $results = [];
+
+ foreach ($manager->findByPackageNameAndVersion($packageName, $packageVersion) as $advisory) {
+ $results[] = $advisory['title'];
+
+ self::assertEquals(sprintf('composer://%s', $packageName), $advisory['reference']);
+ }
+
+ self::assertEquals($expected, $results);
+ }
+
+ public function dataFindByPackageNameAndVersion(): iterable
+ {
+ yield [
+ [],
+ 'foo/bar',
+ '13.37.0',
+ 'empty',
+ ];
+ yield [
+ [
+ 'CVE-9999-1234567: Left the front door open',
+ ],
+ 'foo/bar',
+ '13.37',
+ 'simple',
+ ];
+ }
+
+ private function createManager(string $advisories): AdvisoriesManager
+ {
+ $installer = new class($advisories) implements AdvisoriesInstallerInterface {
+ private $advisories;
+
+ public function __construct(string $advisories)
+ {
+ $this->advisories = __DIR__.'/advisories/'.$advisories;
+
+ if (!is_dir($this->advisories)) {
+ throw new \InvalidArgumentException(sprintf(
+ '%s is invalid, `%s` is not a directory',
+ $advisories,
+ $this->advisories
+ ));
+ }
+ }
+
+ public function mustUpdate()
+ {
+ return; // No op
+ }
+
+ public function install($varDirectory, $packageName, $packageConstraint)
+ {
+ return $this->advisories;
+ }
+ };
+
+ return new AdvisoriesManager($installer);
+ }
+}
diff --git a/tests/unit/advisories/empty/composer.json b/tests/unit/advisories/empty/composer.json
new file mode 100644
index 0000000..78bfed1
--- /dev/null
+++ b/tests/unit/advisories/empty/composer.json
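Review bot: The data provider `dataFindByPackageNameAndVersion` in tests/unit/AdvisoriesManagerTest.php has no case where the `simple` fixture must return nothing, so a lookup that matched every version of `foo/bar` would still pass. The fixture limits the advisory to `['>=13.37.0', '<13.37.100']`, so I would add boundary cases such as `yield [[], 'foo/bar', '13.37.100', 'simple'];` and `yield [[], 'foo/bar', '13.36.9', 'simple'];`, plus one for a package name that has no advisory directory. For an advisory checker a wrongly evaluated range shows up as either a missed vulnerability or a false alarm, so the exclusive upper bound is worth pinning; the expected empty results assume the manager applies both constraints together, which this diff does not show. The test method's signature and the top of the file are not visible in the hunk as rendered here.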
@@ -0,0 +1,6 @@
+
+{
+ "name": "sensiolabs/security-advisories",
+ "description": "Database of known security vulnerabilities in various PHP projects and libraries",
+ "license": "Unlicense"
+}
diff --git a/tests/unit/advisories/simple/composer.json b/tests/unit/advisories/simple/composer.json
new file mode 100644
index 0000000..78bfed1
--- /dev/null
+++ b/tests/unit/advisories/simple/composer.json
@@ -0,0 +1,6 @@
+
+{
+ "name": "sensiolabs/security-advisories",
+ "description": "Database of known security vulnerabilities in various PHP projects and libraries",
+ "license": "Unlicense"
+}
diff --git a/tests/unit/advisories/simple/foo/bar/vuln1.yaml b/tests/unit/advisories/simple/foo/bar/vuln1.yaml
new file mode 100644
index 0000000..432fbb7
--- /dev/null
+++ b/tests/unit/advisories/simple/foo/bar/vuln1.yaml
@@ -0,0 +1,8 @@
+title: "CVE-9999-1234567: Left the front door open"
+link: https://example.com/CVE-9999-1234567
+cve: CVE-9999-1234567
+branches:
+ "1337":
+ time: 2020-01-01 12:32:00
+ versions: ['>=13.37.0', '<13.37.100']
+reference: composer://foo/bar