sun-asterisk / laravel-security-checker
Laravel composer.lock vulnerabilities checker
v0.1.0
2020-09-13 13:10 UTC
Requires
- php: >=7.1.3
- ext-xmlwriter: *
- laravel/framework: ^5.0|^6.0|^7.0|^8.0
- sensiolabs/security-checker: ^6.0
Requires (Dev)
- sun-asterisk/coding-standard: ^0.2.3
This package is auto-updated.
Last update: 2024-11-13 22:23:30 UTC
README
Integrate sensiolabs/security-checker into your Laravel project.
Adds a command that checks the project dependencies in composer.lock
against the Symfony Security Advisories Database.
Installation
Using composer:
composer require sun-asterisk/laravel-security-checker
For Laravel 5.4 and earlier, add the service provider to your config/app.php.
'providers' => [
    // ...
    SunAsterisk\LaravelSecurityChecker\ServiceProvider::class,
    // ...
];
Usage
The security checker is provided as an Artisan command:
php artisan security:check
The command exits with status code 1 if vulnerabilities are found, so you can use it in your CI pipeline.
Writing report to file
In addition to printing vulnerable packages, you can generate a report file. JSON and JUnit report formats are supported.
Generate a JSON report:
php artisan security:check --report-json=security-check.json
Generate a JUnit report:
php artisan security:check --report-junit=security-check.xml
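A CI gate built on the exit status and JUnit report described above, as an added example that is not part of the package or its README. The function name, the REPORT_DIR variable, the --run switch and the mapping of other exit codes to 2 are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: CI gate around `php artisan security:check`.
# REPORT_DIR and the 0/1/2 mapping are assumptions of this sketch.

# security_gate [command ...]
#   Runs the checker (default: php artisan security:check) with a JUnit report.
#   Returns 0 = clean, 1 = checker exited 1 (vulnerabilities found, per the README),
#           2 = gate could not run, or the checker exited with anything else.
security_gate() {
    gate_dir="${REPORT_DIR:-build/reports}"
    gate_report="$gate_dir/security-check.xml"
    [ "$#" -gt 0 ] || set -- php artisan security:check

    # The command inspects composer.lock; a job without one proves nothing,
    # so fail closed instead of reporting a green build.
    if [ ! -f composer.lock ]; then
        echo "security gate: composer.lock not found in $(pwd)" >&2
        return 2
    fi

    # Remove any report left by an earlier run so a stale artifact
    # is never published as this build's result.
    mkdir -p "$gate_dir" && rm -f "$gate_report" || return 2

    # Capture the status explicitly so `set -e` does not abort the job
    # before the CI system has a chance to collect the report.
    gate_status=0
    "$@" --report-junit="$gate_report" || gate_status=$?

    case "$gate_status" in
        0) echo "security gate: no known vulnerabilities" ;;
        1) echo "security gate: vulnerable packages, see $gate_report" >&2 ;;
        *) echo "security gate: checker exited $gate_status" >&2
           gate_status=2 ;;
    esac
    return "$gate_status"
}

# Run the gate only when asked to, e.g. `sh security-gate.sh --run` in CI.
if [ "${1:-}" = "--run" ]; then
    security_gate
    exit $?
fi
```

Publish build/reports/security-check.xml as a test-report artifact in a step that runs even when the gate fails, so the findings stay visible on a red build.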