sun-asterisk/laravel-security-checker

Laravel composer.lock vulnerabilities checker

v0.1.0 2020-09-13 13:10 UTC

This package is auto-updated.

Last update: 2024-11-13 22:23:30 UTC


README

Integrate sensiolabs/security-checker into your Laravel project.

Adds a command to check the project dependencies in composer.lock against the Symfony Security Advisories Database.

Installation

Using composer:

composer require sun-asterisk/laravel-security-checker

For Laravel 5.4 and earlier, add the service provider to your config/app.php.

'providers' => [
    // ...
    SunAsterisk\LaravelSecurityChecker\ServiceProvider::class,
    // ...
],

Usage

The security checker is provided as an Artisan command:

php artisan security:check


The command exits with status code 1 if vulnerabilities are found, so you can use it in your CI pipeline.

Writing report to file

In addition to printing vulnerable packages, you can generate a report file. JSON and JUnit report formats are supported.

Generate a JSON report:

php artisan security:check --report-json=security-check.json

Generate a JUnit report:

php artisan security:check --report-junit=security-check.xml
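
A CI gate built on the exit status and the JUnit report described above. This is an added example, not code from the package; the function name security_gate, the REPORT variable, and the treatment of any status other than 0 or 1 as a failed check are assumptions.

```shell
#!/bin/sh
# CI gate around `php artisan security:check` (added example, not project code).
# Assumption: any exit status other than 0 or 1 means the check itself did not
# complete; the README documents only status 1 for "vulnerabilities found".

REPORT="${REPORT:-security-check.xml}"

# Runs the checker, or the command passed as arguments (lets the gate be
# exercised with a stub), and maps its exit status to a build decision:
#   0 = no known vulnerabilities, 1 = vulnerabilities found, 2 = check failed.
security_gate() {
    if [ "$#" -eq 0 ]; then
        set -- php artisan security:check "--report-junit=$REPORT"
    fi
    # Remove any report left by an earlier run so it cannot be published as current.
    rm -f "$REPORT"
    status=0
    "$@" || status=$?
    case "$status" in
        0)
            echo "security:check: no known vulnerabilities" >&2
            return 0
            ;;
        1)
            echo "security:check: vulnerable dependencies found, see $REPORT" >&2
            return 1
            ;;
        *)
            # Fail closed: an incomplete check must not pass the build.
            echo "security:check: did not complete (exit status $status)" >&2
            return 2
            ;;
    esac
}

# In the CI step, call it with no arguments as the last command:
#   security_gate
```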