This package includes an Artisan command that checks if your application uses dependencies with known security vulnerabilities. It is a wrapper around the Enlightn Security Checker.
You may use Composer to install the package on your Laravel application:
composer require --dev enlightn/laravel-security-checker
To check for security vulnerabilities in your dependencies, you may run the security:check Artisan command:
php artisan security:check
You may specify a custom location for your composer.lock file, using the optional argument:
php artisan security:check /path/to/composer.lock
By default, this command displays the result in ANSI. You may use the --format option to display the result in JSON instead:
php artisan security:check --format=json
If you would like to exclude dev dependencies from the vulnerabilities scanning, you may use the --no-dev option (defaults to false):
php artisan security:check --no-dev
By default, the security:check command uses the directory returned by the sys_get_temp_dir PHP function for storing the cached advisories database. If you wish to modify the directory, you may use the --temp-dir option:
php artisan security:check --temp-dir=/tmp
Thank you for considering contributing to the Enlightn security checker project! The contribution guide can be found here.
The Enlightn security checker for Laravel is licensed under the MIT license.
