https://github.com/austinheap/php-security-txt
A package for manipulating `security.txt` documents in PHP 7+, based on configuration settings. https://securitytext.org/
- Host: GitHub
- URL: https://github.com/austinheap/php-security-txt
- Owner: austinheap
- License: mit
- Archived: true
- Created: 2017-10-26T17:28:40.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2018-01-26T19:29:51.000Z (almost 7 years ago)
- Last Synced: 2024-09-25T20:02:51.196Z (about 2 months ago)
- Topics: composer, composer-package, php, php7, php70, php71, php72, security, security-txt
- Language: PHP
- Homepage: https://packagist.org/packages/austinheap/php-security-txt
- Size: 888 KB
- Stars: 10
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
README
# PHP 7+ `security.txt` Package
![php-security-txt banner from the documentation](docs/img/banner-1544x500.png?raw=true)
[![License](https://img.shields.io/packagist/l/austinheap/php-security-txt.svg)](https://github.com/austinheap/php-security-txt/blob/master/LICENSE.md)
[![Current Release](https://img.shields.io/github/release/austinheap/php-security-txt.svg)](https://github.com/austinheap/php-security-txt/releases)
[![Total Downloads](https://img.shields.io/packagist/dt/austinheap/php-security-txt.svg)](https://packagist.org/packages/austinheap/php-security-txt)
[![Build Status](https://travis-ci.org/austinheap/php-security-txt.svg?branch=master)](https://travis-ci.org/austinheap/php-security-txt)
[![Dependency Status](https://gemnasium.com/badges/github.com/austinheap/php-security-txt.svg)](https://gemnasium.com/github.com/austinheap/php-security-txt)
[![Scrutinizer CI](https://scrutinizer-ci.com/g/austinheap/php-security-txt/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/austinheap/php-security-txt/)
[![StyleCI](https://styleci.io/repos/108443771/shield?branch=master)](https://styleci.io/repos/108443771)
[![Maintainability](https://api.codeclimate.com/v1/badges/9bf8799e6e3a0209c318/maintainability)](https://codeclimate.com/github/austinheap/php-security-txt/maintainability)
[![Test Coverage](https://api.codeclimate.com/v1/badges/9bf8799e6e3a0209c318/test_coverage)](https://codeclimate.com/github/austinheap/php-security-txt/test_coverage)
[![SensioLabs](https://insight.sensiolabs.com/projects/1edfb22e-593b-43b1-88cd-98965541a2cc/mini.png)](https://insight.sensiolabs.com/projects/1edfb22e-593b-43b1-88cd-98965541a2cc)

## A package for manipulating `security.txt` documents in PHP 7+, based on configuration settings.
The purpose of this project is to create a set-it-and-forget-it package that can
manipulate documents following the current [`security.txt`](https://securitytxt.org/)
spec. It is therefore highly opinionated but built for configuration.

[`security.txt`](https://github.com/securitytxt) is a [draft](https://tools.ietf.org/html/draft-foudil-securitytxt-00)
"standard" which allows websites to define security policies. This "standard"
sets clear guidelines for security researchers on how to report security issues,
and allows bug bounty programs to define a scope. Security.txt is the equivalent
of `robots.txt`, but for security issues.

There is [documentation for `php-security-txt` online](https://austinheap.github.io/php-security-txt/),
the source of which is in the [`docs/`](https://github.com/austinheap/php-security-txt/tree/master/docs)
directory. The most logical place to start is the [docs for the `SecurityTxt` class](https://austinheap.github.io/php-security-txt/classes/AustinHeap.Security.Txt.SecurityTxt.html).

## Table of Contents
* [Summary](#a-package-for-manipulating-securitytxt-documents-in-php-7-based-on-configuration-settings)
* [Installation](#installation)
  + [Step 1: Composer](#step-1-composer)
  + [Step 2: Manipulate a `security.txt` document](#step-2-manipulate-a-securitytxt-document)
* [Unit Tests](#unit-tests)
* [References](#references)
* [Credits](#credits)
* [License](#license)

## Installation
### Step 1: Composer
Via Composer command line:
```bash
$ composer require austinheap/php-security-txt
```

Or add the package to your `composer.json`:
```json
{
    "require": {
        "austinheap/php-security-txt": "0.3.*"
    }
}
```

### Step 2: Manipulate a `security.txt` document
To programmatically create a `security.txt` document, you could do:
```php
require_once 'vendor/autoload.php';

$writer = new \AustinHeap\Security\Txt\Writer;
print $writer->setContact('[email protected]')
             ->setEncryption('http://some.url/pgp.key')
             ->setDisclosure('full')
             ->setAcknowledgement('http://some.url/acks')
             ->getText();
```

Which should output:
```
# Our security address
Contact: [email protected]

# Our PGP key
Encryption: http://some.url/pgp.key

# Our disclosure policy
Disclosure: Full

# Our public acknowledgement
Acknowledgement: http://some.url/acks

#
# Generated by "php-security-txt" v0.3.2 (https://github.com/austinheap/php-security-txt/releases/tag/v0.3.2)
# in 0.041008 seconds on 2017-10-26 20:31:25.
#
```

## Unit Tests
This package has aggressive unit tests built with PHPUnit.
There are [code coverage reports for `php-security-txt`](https://austinheap.github.io/php-security-txt/coverage/)
available online.

## References
- [A Method for Web Security Policies (draft-foudil-securitytxt-00)](https://tools.ietf.org/html/draft-foudil-securitytxt-00)
- [laravel-security-txt](https://github.com/austinheap/laravel-security-txt)
- [securitytext.org](https://securitytext.org/)

## Credits
This is a fork of [austinheap/laravel-security-txt](https://github.com/austinheap/laravel-security-txt),
which was a fork of [InfusionWeb/laravel-robots-route](https://github.com/InfusionWeb/laravel-robots-route),
which was a fork of [ellisthedev/laravel-5-robots](https://github.com/ellisthedev/laravel-5-robots),
which was a fork of [jayhealey/Robots](https://github.com/jayhealey/Robots),
which was based on earlier work.

- [ellisio/laravel-5-robots Contributors](https://github.com/ellisio/laravel-5-robots/graphs/contributors)
- [InfusionWeb/laravel-robots-route Contributors](https://github.com/InfusionWeb/laravel-robots-route/contributors)
- [austinheap/laravel-security-txt Contributors](https://github.com/austinheap/laravel-security-txt/graphs/contributors)

## License
The MIT License (MIT). Please see [License File](LICENSE.md) for more information.