alfred-nutile-inc / larscanner
misc tools to scan apps after being deployed
Installs: 3 115
Dependents: 0
Suggesters: 0
Security: 0
Stars: 13
Watchers: 15
Forks: 3
Open Issues: 0
Requires
- php: ~5.6|~7.0
- guzzlehttp/guzzle: ~5.3|~6.0
- sensiolabs/security-checker: dev-master
Requires (Dev)
- illuminate/support: <=5.5
- mockery/mockery: 0.9.*
- orchestra/testbench: <=3.5
- phpunit/phpunit: >=5.4.3
- squizlabs/php_codesniffer: ^2.3
- vlucas/phpdotenv: ^2.4
This package is not auto-updated.
Last update: 2024-04-07 05:30:19 UTC
README
Tons more to do this just one tool
Installation
composer require alfred-nutile-inc/larscanner:dev-master
Add to config/app.php
AlfredNutileInc\LarScanner\Providers\LarScannerProvider::class
SensioLabs Composer Checker
by https://github.com/sensiolabs/security-checker
Make sure to add to your env
SECURITY_NOTICE_SLACK_URL=https://room_to_slack
Then add to app/Console/Kernel.php
$schedule->command('larscanner:sensio')->daily()
->appendOutputTo('/tmp/security_issues.log')
->emailOutputTo('some@email.com');
The output is optional. By default it will send it to slack.
You can turn slack off if needed by (todo)
Testing
$ composer test
Contributing
Please see CONTRIBUTING and CONDUCT for details.
TODO
- Allow slack to be turned off
Roadmap
-
Can we scan our code? Something like http://brakemanscanner.org/
-
What other well known libraries are there?
-
Some good links phparch nov 2016 good article with links to a number of services and php tools
-
can we find laravel vulnerabilities and scan our site nightly
-
use behat to try and break into our sites?