sun-asterisk/laravel-security-checker

Laravel composer.lock vulnerabilities checker

Maintainers

Details

github.com/sun-asterisk-research/laravel-security-checker

Source

Issues

Installs: 17

Dependents: 0

Suggesters: 0

Security: 0

Stars: 3

Watchers: 2

Forks: 0

Open Issues: 0

v0.1.0 2020-09-13 13:10 UTC

Requires

Requires (Dev)

MIT 515948e5967336b14f2245a410ae4e8e2fdd9246

This package is auto-updated.

Last update: 2024-04-13 20:57:11 UTC

README

Integrate sensiolabs/security-checker to your Laravel project.

Add a command to check the project dependencies in composer.lock against the Symfony Security Advisories Database

Installation

Using composer:

composer require sun-asterisk/laravel-security-checker

For Laravel 5.4 and earlier, add the service provider to your config/app.php.

'providers' => [
    // ...
    SunAsterisk\LaravelSecurityChecker\ServiceProvider::class
    // ...
];

Usage

The security checker is provided as an Artisan command

php artisan security:check

screenshot.png

The command exit with status code 1 if vulnerabilities are found so you can use it in your CI pipeline.

Writing report to file

In addition to printing vulnerable packages, you can generate a report file. JSON & JUnit format report are supported.

Generate a JSON report:

php artisan security:check --report-json=security-check.json

Generate a JUnit report:

php artisan security:check --report-junit=security-check.xml