Download the PHP package dgtlss/warden without Composer

Warden

Warden is a comprehensive Laravel security audit package that proactively monitors your dependencies and application configuration for security vulnerabilities. Built for enterprise-grade security scanning, Warden provides powerful features for modern Laravel applications.

🚀 Key Features

✅ Core Security Audits

• 🔍 Dependency Scanning: Composer and NPM vulnerability detection
• ⚙️ Configuration Audits: Environment, storage permissions, and Laravel config
• 📝 Code Analysis: PHP syntax validation and security checks
• 🔧 Custom Audit Rules: Organization-specific security policies

✅ Performance & Scalability

• ⚡ Parallel Execution: Up to 5x faster audit performance
• 🗄️ Intelligent Caching: Prevents redundant scans with configurable TTL
• 🎯 Severity Filtering: Focus on critical issues only

✅ Integration & Automation

• 📊 Multiple Output Formats: JSON, GitHub Actions, GitLab CI, Jenkins
• 🔔 Rich Notifications: Slack, Discord, Email with formatted reports
• ⏰ Automated Scheduling: Laravel scheduler integration
• 🔄 CI/CD Ready: Native support for all major platforms

Perfect for continuous security monitoring and DevOps pipelines.

📋 Table of Contents

• Installation
• Quick Start
• Configuration
• Security Audits
• Usage Examples
• Notifications
• Custom Audits
• Scheduling
• CI/CD Integration
• Advanced Features

🚀 Installation

Install via Composer:

Publish configuration:

This creates config/warden.php with all available options.

⚡ Quick Start

Basic Security Audit

With NPM Dependencies

JSON Output for CI/CD

Silent Mode (No Notifications)

⚙️ Configuration

Environment Variables

Add these to your .env file:

🔔 Notifications

⚡ Performance

⏰ Scheduling

📊 Output & Filtering

🔍 Security Audits

Warden performs comprehensive security analysis across multiple areas:

1. Composer Dependencies

• Scans PHP dependencies for known vulnerabilities
• Uses official composer audit command
• Identifies abandoned packages with replacement suggestions

2. NPM Dependencies

• Analyzes JavaScript dependencies (when --npm flag used)
• Detects vulnerable packages in package.json
• Validates package-lock.json integrity

3. Environment Configuration

• Verifies .env file presence and .gitignore status
• Checks for missing critical environment variables
• Validates sensitive key configuration

4. Storage & Permissions

• Audits Laravel storage directories (storage/, bootstrap/cache/)
• Ensures proper write permissions
• Identifies missing or misconfigured paths

5. Laravel Configuration

• Debug mode status verification
• Session security settings
• CSRF protection validation
• General security misconfigurations

6. PHP Syntax Analysis

• Code syntax validation across your application
• Configurable directory exclusions
• Integration with existing audit workflow

💡 Usage Examples

Basic Commands

Output Formats

Advanced Usage

🔔 Notifications

Warden supports multiple notification channels with rich formatting:

✅ Slack (Recommended)

• Color-coded severity levels
• Organized finding blocks
• Clickable CVE links
• Professional formatting

✅ Discord

• Rich embeds with color coding
• Grouped findings by source
• Custom branding

✅ Microsoft Teams

• Adaptive Cards with structured layouts
• Color-coded severity indicators
• Action buttons and rich formatting

✅ Email

• Professional HTML templates with modern styling
• Severity-based color coding and summary statistics
• Grouped findings by source with detailed information
• Separate templates for vulnerabilities and abandoned packages

Multiple Channels

Configure multiple channels simultaneously - Warden sends to all configured endpoints.

🔧 Custom Audits

Create organization-specific security rules:

1. Implement Custom Audit

2. Register Custom Audit

Add to config/warden.php:

⏰ Scheduling

Enable Automated Audits

Configure Schedule

Laravel Cron Setup

Ensure Laravel's scheduler is running:

🔄 CI/CD Integration

GitHub Actions

GitLab CI

Jenkins

🎯 Advanced Features

Performance Optimization

1. Parallel Execution: Enabled by default for 5x speed improvement
2. Intelligent Caching: Configurable cache duration prevents redundant API calls
3. Severity Filtering: Focus resources on critical issues

Audit Results

Exit Codes:

• 0: No vulnerabilities found
• 1: Vulnerabilities detected
• 2: Audit process failures

Severity Levels:

• critical: Immediate attention required
• high: Address as soon as possible
• medium: Should be reviewed and fixed
• low: Minor security concerns

Configuration Examples

🆕 What's New in v1.3.0

• ✅ Parallel audit execution for 5x faster performance
• ✅ Complete notification suite (Slack, Discord, Teams, Enhanced Email)
• ✅ Professional email templates with severity colors and statistics
• ✅ Microsoft Teams integration with Adaptive Cards
• ✅ CI/CD output formats (GitHub Actions, GitLab CI, Jenkins)
• ✅ Automated scheduling via Laravel scheduler
• ✅ Custom audit rules for organization-specific policies
• ✅ Intelligent caching with force refresh capability
• ✅ Severity filtering to focus on critical issues

📈 Roadmap

Coming Soon

• 📊 Audit history tracking and trend analysis
• 🔍 Additional audit types (Docker, Git, API security)
• 📋 Web dashboard for audit management
• 🤖 AI-powered vulnerability analysis and recommendations

🛠️ Troubleshooting

Common Issues

Command not found:

Composer audit failures:

📄 License

This package is open source and released under the MIT License.

🤝 Contributing

We welcome contributions! Please see our CONTRIBUTING GUIDELINES for details on:

• 🐛 Bug reports
• ✨ Feature requests
• 🔧 Code contributions
• 📚 Documentation improvements

💬 Support

• 🐛 Issues: GitHub Issues
• 💬 Discussions: GitHub Discussions
• 📋 Releases: Version History & Changelogs

💝 Support Development

If you find Warden useful for your organization's security needs, please consider supporting its development.