Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jorijn/laravel-security-checker
Added Laravel functionality to Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.
https://github.com/jorijn/laravel-security-checker
laravel laravel-package laravel-security-checker php sensiolabs-security-checker vulnerabilities
Last synced: 7 days ago
JSON representation
Added Laravel functionality to Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.
- Host: GitHub
- URL: https://github.com/jorijn/laravel-security-checker
- Owner: jorijn
- License: mit
- Created: 2017-07-20T17:21:13.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2024-10-07T04:47:01.000Z (3 months ago)
- Last Synced: 2024-12-20T06:04:58.636Z (14 days ago)
- Topics: laravel, laravel-package, laravel-security-checker, php, sensiolabs-security-checker, vulnerabilities
- Language: PHP
- Homepage: https://jorijn.com
- Size: 101 KB
- Stars: 199
- Watchers: 8
- Forks: 26
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
## Laravel Security Checker
[](https://packagist.org/packages/jorijn/laravel-security-checker)
[](https://packagist.org/packages/jorijn/laravel-security-checker)
[](https://packagist.org/packages/jorijn/laravel-security-checker)
This package provides an effortless way for you to check your local `composer.lock` against the [Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories).
It can either display the results in your console or email them to you on a scheduled basis. It uses Laravel's markdown system, so it should fit nicely in your styling.
#### Screenshot
## Installation
Require this package with composer using the following command:
```bash
composer require jorijn/laravel-security-checker
```
### Configuration
#### Email
If you want the package to send reports by email, you'll need to specify a recipient.
##### Option 1
Add it to your `.env` file.
```
LCS_MAIL_TO="[email protected]"
```
##### Option 2
Publish the configuration file and change it there.
```bash
php artisan vendor:publish --provider="Jorijn\LaravelSecurityChecker\ServiceProvider" --tag="config"
```
If you want to control on how the email is formatted you can have Laravel export the view for you using:
```bash
php artisan vendor:publish --provider="Jorijn\LaravelSecurityChecker\ServiceProvider" --tag="views"
```
By default, the package won't email you when there are no vulnerabilities found. You can change this setting by adding the following entry to your `.env` file.
```
LCS_NOTIFY_WITHOUT_VULNERABILITIES=true
```
#### Slack
If you want the package to send the report to a Slack channel, you will need to specify a Slack Webhook
in your `.env` file.
E.g.:
```
LCS_SLACK_WEBHOOK=https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
```
### Scheduling
The package exposes a new command for you:
```bash
php artisan security-check:email
```
You can hook it up into a regular crontab or add it into the Laravel Scheduler (`app/Console/Kernel.php`) like this:
```php
protected function schedule(Schedule $schedule)
{
$schedule->command(\Jorijn\LaravelSecurityChecker\Console\SecurityMailCommand::class)
->weekly();
}
```
## Running as a command
This package provides a wrapper around the [Enlightn Security Checker](https://github.com/enlightn/security-checker) command. You can call it using `php artisan security-check:now`.
## Translations
If you need to translate this package into your own language you can do so by publishing the translation files:
```bash
php artisan vendor:publish --provider="Jorijn\LaravelSecurityChecker\ServiceProvider" --tag="translations"
```
Please consider helping out by creating a pull request with your language to help out others.