Integrate sensiolabs/security-checker into your Laravel project.
The package adds an Artisan command that checks the dependencies pinned in composer.lock
against the Symfony Security Advisories Database.
Install it with Composer:
composer require sun-asterisk/laravel-security-checker
For Laravel 5.4 and earlier, add the service provider to your config/app.php (Laravel 5.5 and later register it automatically through package discovery):
'providers' => [
    // ...
    SunAsterisk\LaravelSecurityChecker\ServiceProvider::class,
    // ...
],
The security checker is provided as an Artisan command
php artisan security:check
The command exits with status code 1 if vulnerabilities are found, so you can use it to fail a CI pipeline.
In addition to printing the vulnerable packages, the command can write a report file. JSON and JUnit formats are supported.
Generate a JSON report:
php artisan security:check --report-json=security-check.json
Generate a JUnit report:
php artisan security:check --report-junit=security-check.xml
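Putting the two pieces together, here is a CI job that fails the pipeline on the non-zero exit status and keeps the JUnit report as a test artifact. This is an added example for GitLab CI, not configuration shipped by the sun-asterisk/laravel-security-checker project; the stage name, the `composer:2` image, the `.env` handling and the report file name are assumptions you should adapt to your own pipeline.

```yaml
# Added example (not part of the laravel-security-checker project).
# Assumptions: the official composer:2 image provides php and composer,
# the repo ships a .env.example, and the pipeline has a "test" stage.
security-check:
  stage: test
  image: composer:2
  before_script:
    # Install exactly what composer.lock pins; the checker reads that file.
    - composer install --no-interaction --prefer-dist --no-progress
    # Artisan needs an application key and an env file to boot (assumption).
    - cp -n .env.example .env
    - php artisan key:generate --force
  script:
    # Exit status 1 on any known-vulnerable package fails this job,
    # which in turn fails the pipeline and blocks the merge request.
    - php artisan security:check --report-junit=security-check.xml
  artifacts:
    # Keep the report even when the job fails, which is exactly when you want it.
    when: always
    paths:
      - security-check.xml
    reports:
      # GitLab renders JUnit XML as test results in the merge request widget.
      junit: security-check.xml
```

If you prefer the JSON report for post-processing, swap `--report-junit=security-check.xml` for `--report-json=security-check.json` and drop the `reports.junit` key; the exit status behaviour, and therefore the pipeline failure, is the same either way.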