magebean/magebean-cli

A CLI tool for Magento security audit by Magebean

Maintainers

Details

github.com/magebean/magebean-cli

Source

Issues

Installs: 3

Dependents: 0

Suggesters: 0

Security: 0

Stars: 11

Watchers: 0

Forks: 2

Open Issues: 0

pkg:composer/magebean/magebean-cli

v1.0.0 2025-09-15 19:44 UTC

Requires

Requires (Dev)

Suggests

MIT e966e7f749d70f3bf2013f046338221b8bc07554

This package is auto-updated.

Last update: 2025-10-17 13:41:07 UTC

README

Audit Magento 2 security, configuration, performance, and extensions from the command line. Generate actionable HTML/JSON reports and integrate with CI.

Goal: “Audit in minutes. Know exactly what to fix and why.”

✨ Features

  • Security Audit: file permissions, PHP hardening, admin exposure, SQLi/XSS/SSRF surfaces.
  • Config Audit: production mode, cache, Elasticsearch/OpenSearch, cron, logging/monitoring.
  • Performance Signals: cache effectiveness, DB indexes, static assets, storefront anti‑patterns.
  • Extension Audit: parse composer.lock to flag vulnerable/abandoned modules (CVE bundle optional).
  • Offline‑first: runs locally; privacy by design.
  • CI‑friendly: non‑zero exit codes on findings; JSON/SARIF outputs for pipelines.

📦 Requirements

  • PHP 8.1+
  • Magento 2.4+ codebase to scan
  • (Optional) CVE Bundle for vulnerability lookups

🚀 Install

Option 1: Use the packaged PHAR

# Download magebean.phar (example path)
curl -L -o magebean.phar https://magebean.com/files/magebean.phar
chmod +x magebean.phar

Option 2: Local development (composer)

composer install
php bin/magebean list

🧪 Quick Start

# HTML report
./magebean.phar scan \
  --path=/var/www/magento \
  --format=html --output=report.html

Supported formats: html (default) | json

🖥️ CLI Output Template

Magebean Security Audit v1.0    Target: /var/www/magento
Time: 2025-08-28 11:32    PHP: 8.2    Env: prod

⚠ CVE check skipped
  → Requires CVE Bundle (--cve-data=magebean-cve-bundle-YYYYMM.zip)
  → Visit https://magebean.com/downloads

Findings (5)
[CRITICAL] Magento core outdated — detected 2.4.3, latest 2.4.7-p1
[HIGH]     Admin route is default (/admin)
[HIGH]     Admin 2FA disabled
[MEDIUM]   Folder permission /pub/media is 777
[MEDIUM]   Full Page Cache disabled/misconfigured

Summary
Passed Rules: 76 / 81
Issues: 1 Critical, 2 High, 2 Medium

→ Report saved to report.html
Contact: support@magebean.com

📄 HTML Report

  • Summary includes:
    • Completed time, audited path
    • Rules Checked: Total, Passed, Failed, Score %
    • Findings Overview (counts failed rules only) by severity: Critical/High/Medium/Low
  • Table lists both PASS and FAIL, with colors:
    • ✅ PASS: green background
    • ❌ FAIL: red background

🔢 Exit Codes

  • 0 – no failed findings
  • 1 – has High/Medium/Low failed findings
  • 2 – has Critical failed findings

Adjust policy in ScanCommand if your team prefers a different threshold.

⚙️ Command Options

Option Description Default
--path Magento root to audit current dir
--format html | json | sarif html
--output Output file path report.html
--cve-data Path to CVE bundle (optional) none

🧩 Development

# run locally
php bin/magebean scan --path=/path/to/magento --format=html --output=report.html

# run with JSON for CI
php bin/magebean scan --path=/path --format=json > report.json
  • Reporter templates: resources/report-template.html
  • HTML reporter colors: .status-pass (green), .status-fail (red)
  • Findings Overview counts failures only

🔐 Security

Responsible disclosure: please email support@magebean.com.

🗺️ Roadmap

  • Live CVE updates via Magebean Cloud API
  • Additional controls & rule packs
  • PDF export
  • GitHub Action wrapper

📬 Contact

License

MageBean CLI is open-sourced software licensed under the MIT license.

  • Core CLI → MIT licensed, free to use and extend.
  • CVE Data Bundle → Proprietary, licensed separately.
  • Audit-as-a-Service → Commercial offering.

This dual model ensures that the community benefits from a free baseline audit tool, while advanced vulnerability data and professional audit services remain sustainable.