This package is abandoned and no longer maintained. No replacement package was suggested.

A package for manipulating `security.txt` documents in PHP 7+, based on configuration settings.

v0.4.0 2017-11-22 18:36 UTC

This package is auto-updated.

Last update: 2021-04-29 00:57:11 UTC


php-security-txt banner from the documentation

License Current Release Total Downloads Build Status Dependency Status Scrutinizer CI StyleCI Maintainability Test Coverage SensioLabs

A package for manipulating security.txt documents in PHP 7+, based on configuration settings.

The purpose of this project is to create a set-it-and-forget-it package that can manipulate documents following the current security.txt spec. It is therefore highly opinionated but built for configuration.

security.txt is a draft "standard" which allows websites to define security policies. This "standard" sets clear guidelines for security researchers on how to report security issues, and allows bug bounty programs to define a scope. Security.txt is the equivalent of robots.txt, but for security issues.

There is documentation for php-security-txt online, the source of which is in the docs/ directory. The most logical place to start are the docs for the SecurityTxt class.

Table of Contents


Step 1: Composer

Via Composer command line:

$ composer require austinheap/php-security-txt

Or add the package to your composer.json:

    "require": {
        "austinheap/php-security-txt": "0.3.*"

Step 2: Manipulate a security.txt document

To programatically create a security.txt document, you could do:

require_once 'vendor/autoload.php';

$writer = new \AustinHeap\Security\Txt\Writer;

print $writer->setContact('')

Which should output:

# Our security address

# Our PGP key
Encryption: http://some.url/pgp.key

# Our disclosure policy
Disclosure: Full

# Our public acknowledgement
Acknowledgement: http://some.url/acks

# Generated by "php-security-txt" v0.3.2 (
# in 0.041008 seconds on 2017-10-26 20:31:25.

Unit Tests

This package has aggressive unit tests built with PHPUnit.

There are code coverage reports for php-security-txt available online.



This is a fork of austinheap/laravel-security-txt, which was a fork of InfusionWeb/laravel-robots-route, which was a fork of ellisthedev/laravel-5-robots, which was a fork of jayhealey/Robots, which was based on earlier work.


The MIT License (MIT). Please see License File for more information.