{"id":43941163,"url":"https://github.com/shieldci/laravel","last_synced_at":"2026-06-26T05:01:31.437Z","repository":{"id":323943152,"uuid":"1091379636","full_name":"ShieldCI/laravel","owner":"ShieldCI","description":"ShieldCI Laravel Package - Open-source AI-powered code quality analysis for Laravel applications with 73 comprehensive analyzers covering security, performance, reliability, code quality, and best practices.. Works with Laravel 9+.","archived":false,"fork":false,"pushed_at":"2026-04-28T20:06:52.000Z","size":31678,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-04-28T22:05:05.603Z","etag":null,"topics":["ai-powered","code-analyzer","code-quality-analyzer","laravel","laravel-best-practice","laravel-framework","laravel-package","laravel-vapor","performance-analysis","reliability-analysis","security-scanner"],"latest_commit_sha":null,"homepage":"https://docs.shieldci.com","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ShieldCI.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-07T00:01:09.000Z","updated_at":"2026-04-28T20:05:42.000Z","dependencies_parsed_at":"2026-04-02T11:02:30.641Z","dependency_job_id":null,"html_url":"https://github.com/ShieldCI/laravel","commit_stats":null,"previous_names":["shieldci/laravel"],"tags_count":64,"template":false,"template_full_name":null,"purl":"pkg:github/ShieldCI/laravel","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ShieldCI%2Flaravel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ShieldCI%2Flaravel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ShieldCI%2Flaravel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ShieldCI%2Flaravel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ShieldCI","download_url":"https://codeload.github.com/ShieldCI/laravel/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ShieldCI%2Flaravel/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32454170,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-29T22:27:22.272Z","status":"online","status_checked_at":"2026-04-30T02:00:05.929Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-powered","code-analyzer","code-quality-analyzer","laravel","laravel-best-practice","laravel-framework","laravel-package","laravel-vapor","performance-analysis","reliability-analysis","security-scanner"],"created_at":"2026-02-07T02:02:44.159Z","updated_at":"2026-06-26T05:01:31.429Z","avatar_url":"https://github.com/ShieldCI.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ShieldCI Laravel Package\n\n[![Latest Version on Packagist](https://img.shields.io/packagist/v/shieldci/laravel.svg)](https://packagist.org/packages/shieldci/laravel)\n[![PHP Version](https://img.shields.io/packagist/php-v/shieldci/laravel.svg)](https://packagist.org/packages/shieldci/laravel)\n[![Laravel Version](https://img.shields.io/badge/laravel-9.x--13.x-red.svg)](https://packagist.org/packages/shieldci/laravel)\n[![License](https://img.shields.io/packagist/l/shieldci/laravel.svg)](https://packagist.org/packages/shieldci/laravel)\n[![Tests](https://github.com/ShieldCI/laravel/actions/workflows/tests.yml/badge.svg)](https://github.com/ShieldCI/laravel/actions/workflows/tests.yml)\n[![codecov](https://codecov.io/gh/ShieldCI/laravel/branch/master/graph/badge.svg)](https://codecov.io/gh/ShieldCI/laravel)\n[![Documentation](https://img.shields.io/badge/docs-docs.shieldci.com-blue.svg)](https://docs.shieldci.com)\n\n![ShieldCI terminal demo](https://raw.githubusercontent.com/ShieldCI/laravel/master/.github/assets/analyzer-terminal.gif)\n\nAutomated code analysis for Laravel applications — 73 open-source analyzers covering security, performance, reliability, code quality, and best practices.\n\nBuilt on top of [`shieldci/analyzers-core`](https://github.com/ShieldCI/analyzers-core) (v1.x) - a shared, framework-agnostic foundation for static analysis tools.\n\n## Requirements\n\n- PHP 8.1 or higher\n- Laravel 9.x, 10.x, 11.x, 12.x, 13.x\n\n## Architecture\n\nThis package uses `shieldci/analyzers-core` for its core analyzer functionality, providing:\n- Type-safe enums (Status, Category, Severity)\n- Immutable value objects (Location, Issue, AnalyzerMetadata)\n- Abstract base classes (AbstractAnalyzer, AbstractFileAnalyzer)\n- AST parsing with nikic/php-parser\n- Result formatters (JSON, Console)\n- Comprehensive utilities (CodeHelper, FileParser)\n\n## Installation\n\n```bash\ncomposer require shieldci/laravel\n```\n\n## Configuration\n\nPublish the configuration file:\n\n```bash\nphp artisan vendor:publish --tag=shieldci-config\n```\n\nAdd your ShieldCI credentials to `.env` (your API token is displayed when you create a project in the [ShieldCI dashboard](https://shieldci.com/dashboard)):\n\n```env\nSHIELDCI_TOKEN=your-api-token\nSHIELDCI_PROJECT_ID=your-project-id\n```\n\n## Usage\n\nRun the analysis:\n\n```bash\nphp artisan shield:analyze\n```\n\n### Options\n\nRun a specific analyzer:\n```bash\nphp artisan shield:analyze --analyzer=sql-injection\n```\n\nRun analyzers by category:\n```bash\nphp artisan shield:analyze --category=security\n```\n\nOutput as JSON:\n```bash\nphp artisan shield:analyze --format=json\n```\n\nSave report to file:\n```bash\nphp artisan shield:analyze --output=report.json\n```\n\nSend results to ShieldCI platform:\n```bash\nphp artisan shield:analyze --report\n```\n\nSchedule analysis with trigger tracking:\n```php\n// Laravel 11+ (routes/console.php)\nSchedule::command('shield:analyze --triggered-by=scheduled --report')-\u003edaily();\n\n// Laravel 11+ (bootstrap/app.php)\n-\u003ewithSchedule(function (Schedule $schedule) {\n    $schedule-\u003ecommand('shield:analyze --triggered-by=scheduled --report')-\u003edaily();\n})\n\n// Laravel 9-10 (app/Console/Kernel.php)\n$schedule-\u003ecommand('shield:analyze --triggered-by=scheduled --report')-\u003edaily();\n```\n\n### Advanced Features\n\n#### Baseline Support (Gradual Adoption)\nGenerate a baseline to suppress existing issues and only catch new ones:\n```bash\n# Generate baseline from current state (all analyzers, respects config)\nphp artisan shield:baseline\n\n# Generate baseline for CI mode (only CI-compatible analyzers)\nphp artisan shield:baseline --ci\n\n# Merge with existing baseline\nphp artisan shield:baseline --merge\n\n# Analyze against baseline (only NEW issues reported)\nphp artisan shield:analyze --baseline\n```\n\n#### CI Mode (Optimized for CI/CD)\nSkip slow or network-dependent analyzers in CI/CD:\n\n```bash\n# Run in CI mode (only CI-compatible analyzers)\nphp artisan shield:analyze --ci\n```\n\nWhitelist/blacklist specific analyzers in `config/shieldci.php`:\n\n```php\n'ci_mode_analyzers' =\u003e ['sql-injection', 'xss-vulnerabilities', 'csrf-protection'],\n'ci_mode_exclude_analyzers' =\u003e ['vulnerable-dependencies', 'frontend-vulnerable-dependencies'],\n```\n\n#### Don't Report (Exit Code Control)\nRun informational analyzers without failing CI:\n```php\n// config/shieldci.php\n'dont_report' =\u003e [\n    'missing-docblock',    // Informational only\n    'commented-code',      // Won't fail CI\n],\n```\n\n#### Compact Output\nLimit displayed issues per check:\n```bash\n# Show only 3 issues per check\nSHIELDCI_MAX_ISSUES=3 php artisan shield:analyze\n```\n\n#### Environment-Aware Analyzers\nSome analyzers are only relevant in specific environments. ShieldCI automatically handles multi-environment setups through environment mapping.\n\n**Standard environments** (no configuration needed):\n- `local` - Local development\n- `development` - Development server\n- `staging` - Staging/pre-production\n- `production` - Production\n- `testing` - Automated testing\n\n**Custom environments** (configure mapping):\n```php\n// config/shieldci.php\n'environment_mapping' =\u003e [\n    'production-us' =\u003e 'production',\n    'production-eu' =\u003e 'production',\n    'staging-preview' =\u003e 'staging',\n    'prod-1' =\u003e 'production',\n],\n```\n\nHow it works:\n- Analyzers declare which environments they're relevant for (e.g., `['production', 'staging']`)\n- Custom environment names are automatically mapped to standard types\n- Analyzers run only in their relevant environments\n\nExample: AutoloaderOptimizationAnalyzer only runs in production/staging environments.\n\n## Available Analyzers\n\nShieldCI includes **73 comprehensive analyzers** across five categories:\n\n| Category | Count | Coverage |\n|---|---|---|\n| Security | 22 | Complete OWASP Top 10 2021 |\n| Performance | 18 | Optimize speed and efficiency |\n| Reliability | 13 | Ensure stability and correctness |\n| Code Quality | 5 | Improve maintainability |\n| Best Practices | 15 | Laravel-specific patterns |\n\n→ [Full Analyzer Reference](https://docs.shieldci.com/analyzers/) — all 73 analyzers with examples and fix guidance\n\n### ShieldCI Pro\n\n[ShieldCI Pro](https://shieldci.com) adds **82 advanced analyzers** on top of the free package:\n\n| Category | Count | Coverage |\n|---|---|---|\n| Security | 45 | Enterprise-grade vulnerability detection |\n| Performance | 15 | Advanced performance optimization |\n| Reliability | 15 | Production-grade resilience checks |\n| Best Practices | 4 | Laravel architecture and conventions |\n| Code Quality | 3 | Test coverage and quality analysis |\n\nHighlights:\n- **Security** — command injection, SSRF, XXE, object injection, GDPR compliance, hard-coded credentials, cryptographic weaknesses; framework-specific checks for Sanctum, Horizon, Telescope, Nova, Livewire, Inertia, and FilamentPHP\n- **Performance** — Redis rate limiting, CDN/HTTP2/compression header analysis, lazy collection opportunities, FilamentPHP table optimization\n- **Reliability** — health check and alerting config, job queue config, Horizon status and provisioning, Redis eviction policy, Laravel Vapor config\n\n→ [Upgrade to Pro](https://shieldci.com)\n\n## Configuration Options\n\nSee `config/shieldci.php` for all available configuration options.\n\n### Fail Conditions\n\nConfigure when the analysis should fail:\n\n```php\n'fail_on' =\u003e 'critical', // never, critical, high, medium, low\n'fail_threshold' =\u003e 80,  // Minimum score to pass (0-100)\n```\n\n### Paths\n\nConfigure which paths to analyze:\n\n```php\n'paths' =\u003e [\n    'analyze' =\u003e ['app', 'config', 'database', 'routes'],\n],\n\n'excluded_paths' =\u003e [\n    'vendor/*',\n    'node_modules/*',\n    'storage/*',\n],\n```\n\n## Creating Custom Analyzers\n\nQuick example:\n\n```php\n\u003c?php\n\nnamespace ShieldCI\\Analyzers\\Security;\n\nuse ShieldCI\\AnalyzersCore\\Abstracts\\AbstractFileAnalyzer;\nuse ShieldCI\\AnalyzersCore\\Contracts\\ResultInterface;\nuse ShieldCI\\AnalyzersCore\\ValueObjects\\{AnalyzerMetadata, Location};\nuse ShieldCI\\AnalyzersCore\\Enums\\{Category, Severity};\n\nclass MyAnalyzer extends AbstractFileAnalyzer\n{\n    protected function metadata(): AnalyzerMetadata\n    {\n        return new AnalyzerMetadata(\n            id: 'my-analyzer',\n            name: 'My Custom Analyzer',\n            description: 'Checks for custom security issues',\n            category: Category::Security,\n            severity: Severity::High,\n        );\n    }\n\n    protected function runAnalysis(): ResultInterface\n    {\n        // Your analysis logic\n        $issues = [];\n\n        foreach ($this-\u003egetPhpFiles() as $file) {\n            // Analyze files\n        }\n\n        return empty($issues)\n            ? $this-\u003epassed('No issues found')\n            : $this-\u003efailed('Issues detected', $issues);\n    }\n}\n```\n\n## Testing\n\n```bash\ncomposer test           # 4,000+ tests\ncomposer test-coverage  # 98%+ code coverage\ncomposer analyse        # PHPStan Level 9\n```\n\n## Documentation\n\n- [Full Documentation](https://docs.shieldci.com) - Installation, configuration, and analyzer guides\n- [Getting Started](https://docs.shieldci.com/getting-started/installation) - Quick start guide\n- [Analyzer Reference](https://docs.shieldci.com/analyzers/) - All 73 analyzers with examples and fix guidance\n- [Analyzers Core](https://github.com/ShieldCI/analyzers-core/blob/master/README.md) - Core package documentation\n\n## License\n\nMIT License. See LICENSE file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshieldci%2Flaravel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshieldci%2Flaravel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshieldci%2Flaravel/lists"}