enlightn / laravel-security-checker
A Laravel package to scan your dependencies for known security vulnerabilities.
Installs: 149 337
Dependents: 0
Suggesters: 0
Security: 0
Stars: 38
Watchers: 3
Forks: 9
Open Issues: 2
Requires
- php: ^7.2|^8.0
- enlightn/security-checker: ^1.8
- laravel/framework: ^6.0|^7.0|^8.0|^9.0
Requires (Dev)
- barryvdh/laravel-ide-helper: ^2.8
- friendsofphp/php-cs-fixer: ^2.18|^3.0
- mockery/mockery: ^1.3
- orchestra/testbench: ^4.0|^5.20|^6.15|^7.0
- phpunit/phpunit: ^7.5|^8.0|^9.0
README
This package includes an Artisan command that checks your application's composer.lock for dependencies with known security vulnerabilities. It is a thin wrapper around the Enlightn Security Checker, which does the actual matching against the advisories database.
Installation
You may use Composer to install the package into your Laravel application (as a dev dependency, since the scanner is not needed at runtime):
composer require --dev enlightn/laravel-security-checker
Usage
To check for security vulnerabilities in your dependencies, run the security:check Artisan command:
php artisan security:check
Options & Arguments
Composer Lock File
You may specify a custom location for your composer.lock file using the optional argument:
php artisan security:check /path/to/composer.lock
Format
By default, this command displays the result in ANSI. You may use the --format option to display the result in JSON instead:
php artisan security:check --format=json
Exclude Dev Dependencies
If you would like to exclude dev dependencies from the vulnerability scan, you may use the --no-dev option. The flag is off by default, so dev dependencies are scanned unless you pass it:
php artisan security:check --no-dev
Custom Directory for Caching Advisories Database
By default, the security:check command stores the cached advisories database in the directory returned by PHP's sys_get_temp_dir function. If you wish to use a different directory, you may use the --temp-dir option:
php artisan security:check --temp-dir=/tmp
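The options above combine naturally into a CI gate. The script below is an added example, not code from this package or the Enlightn project: it composes the command from a few settings so the invocation is visible in the CI log, refuses to run without a lock file, and fails the job closed whenever the check does not exit cleanly. This page does not document exit codes, so the script assumes that security:check exits non-zero when it reports a vulnerability (or cannot complete the scan); confirm that against the installed version. The function names and the CI_SECURITY_CHECK_RUN variable are illustrative choices.

```shell
#!/bin/sh
# ci-security-check.sh: gate a CI job on `php artisan security:check`.
# Added example, not part of enlightn/laravel-security-checker.
# Assumption (not documented on the package page): the command exits
# non-zero when a vulnerable dependency is reported or the scan fails.
set -u

# Fail closed: a scan against a missing lock file proves nothing.
require_lock_file() {
    lock="$1"
    if [ ! -f "$lock" ]; then
        echo "error: lock file not found: $lock" >&2
        return 1
    fi
    return 0
}

# Print the Artisan argument list, one per line, so reviewers can see in the
# CI log exactly what was scanned and how. Arguments:
#   $1 lock file path ("" = the project's default composer.lock)
#   $2 output format: ansi (default) or json
#   $3 "1" to pass --no-dev, anything else to scan dev dependencies as well
#   $4 cache directory for the advisories database ("" = sys_get_temp_dir())
check_args() {
    lock="${1:-}"; format="${2:-ansi}"; no_dev="${3:-0}"; temp_dir="${4:-}"
    set -- security:check
    [ -n "$lock" ] && set -- "$@" "$lock"
    [ "$format" = "json" ] && set -- "$@" --format=json
    [ "$no_dev" = "1" ] && set -- "$@" --no-dev
    [ -n "$temp_dir" ] && set -- "$@" "--temp-dir=$temp_dir"
    printf '%s\n' "$@"
}

# Run the scan and turn its result into a pass/fail for the pipeline.
# JSON output is chosen because it is what a later step would archive;
# --no-dev is only appropriate when the scanned tree is what gets deployed.
run_check() {
    lock="${1:-composer.lock}"
    require_lock_file "$lock" || return 2
    echo "running: php artisan $(check_args "$lock" json 1 "" | tr '\n' ' ')" >&2
    if php artisan security:check "$lock" --format=json --no-dev; then
        echo "security:check: no known vulnerabilities" >&2
        return 0
    fi
    # Covers both "vulnerabilities reported" and "advisories could not be
    # fetched": neither is a state in which a deploy should proceed.
    echo "security:check: vulnerabilities reported or scan failed; failing the build" >&2
    return 1
}

# Only run the scan when explicitly asked, so the file can also be sourced
# for its helper functions.
if [ "${CI_SECURITY_CHECK_RUN:-}" = "1" ]; then
    run_check "${1:-composer.lock}"
fi
```

Invoke it from the pipeline as `CI_SECURITY_CHECK_RUN=1 sh ci-security-check.sh /path/to/composer.lock`. Whether to keep --no-dev depends on what the scanned checkout represents: if the CI image with dev packages installed is also what ends up in production, drop the flag so those packages are scanned too.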
Contribution Guide
Thank you for considering contributing to the Enlightn security checker project! The contribution guide can be found here.
License
The Enlightn security checker for Laravel is licensed under the MIT license.