Download the PHP package dgtlss/warden without Composer
On this page you can find all versions of the php package dgtlss/warden. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package warden
Short Description A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email
License MIT
Information about the package warden
Warden
Warden is a comprehensive Laravel security audit package that proactively monitors your dependencies and application configuration for security vulnerabilities. Built for enterprise-grade security scanning, Warden provides powerful features for modern Laravel applications, ensuring your projects remain secure from development to production.
🚀 Key Features
✅ Core Security Audits
- 🔍 Dependency Scanning: Composer and NPM vulnerability detection
- ⚙️ Configuration Audits: Environment, storage permissions, and Laravel config
- 📝 Code Analysis: PHP syntax validation and security checks
- 🔧 Custom Audit Rules: Organization-specific security policies
✅ Performance & Scalability
- ⚡ Parallel Execution: Up to 5x faster audit performance
- 🗄️ Intelligent Caching: Prevents redundant scans with configurable TTL
- 🎯 Severity Filtering: Focus on critical issues only
✅ Integration & Automation
- 📊 Multiple Output Formats: JSON, GitHub Actions, GitLab CI, Jenkins
- 🔔 Rich Notifications: Slack, Discord, Email with formatted reports
- ⏰ Automated Scheduling: Laravel scheduler integration
- 🔄 CI/CD Ready: Native support for all major platforms
Perfect for continuous security monitoring and DevOps pipelines.
📋 Table of Contents
- Installation
- Quick Start
- Command Reference
- Configuration
- Security Audits
- Usage Examples
- Notifications
- Custom Audits
- Scheduling
- CI/CD Integration
- Advanced Features
- FAQ
- Troubleshooting
🚀 Installation
To install Warden, use Composer:
Publish configuration:
This creates config/warden.php with all available options.
Note: The package includes .idea in .gitignore for improved support with IntelliJ IDEA and JetBrains IDEs.
⚡ Quick Start
Dive into Warden's powerful security auditing capabilities with these simple commands:
Basic Security Audit
Run a comprehensive security scan of your Laravel application:
With NPM Dependencies
Include JavaScript vulnerabilities in your audit:
JSON Output for CI/CD
Generate machine-readable reports for automated pipelines:
No Notifications
Run audits without sending notifications (useful for CI or local checks):
Note: --silent still works for backward compatibility.
📌 Command Reference
Quick reference for all commands and options.
| Command | Options | Description |
|---|---|---|
| warden:audit | — | Run all security audits |
| | --no-notify | Suppress notifications (CI/local use) |
| | --npm | Include NPM dependency scan |
| | --ignore-abandoned | Don't fail on abandoned packages |
| | --output=json\|github\|gitlab\|jenkins | Machine-readable output |
| | --severity=low\|medium\|high\|critical | Filter by minimum severity |
| | --force | Clear cache and re-run all audits |
| warden:syntax | — | PHP syntax validation only |
| warden:schedule | --enable | Enable scheduled audits |
| | --disable | Disable scheduled audits |
| | --status | Show schedule status |
⚙️ Configuration
Environment Variables
Add these to your .env file:
🔔 Notifications
⚡ Performance
🔬 PHP Syntax Audit
⏰ Scheduling
Ignoring Accepted Findings
If your team has reviewed a finding and wants to suppress it without forking the package, add an ignore_findings rule to config/warden.php.
All provided keys in a rule must match for the finding to be ignored. String values support wildcard matching.
🔍 Security Audits
Warden performs comprehensive security analysis across multiple areas:
1. Composer Dependencies
- Scans PHP dependencies for known vulnerabilities
- Uses official composer audit command
- Identifies abandoned packages with replacement suggestions
2. NPM Dependencies
- Analyzes JavaScript dependencies (when --npm flag used)
- Detects vulnerable packages in package.json
- Validates package-lock.json integrity
3. Environment Configuration
- Verifies .env file presence and .gitignore status
- Checks for missing critical environment variables
- Validates sensitive key configuration
4. Storage & Permissions
- Audits Laravel storage directories (storage/, bootstrap/cache/)
- Ensures proper write permissions
- Identifies missing or misconfigured paths
5. Laravel Configuration
- Enhanced debug mode auditing: Accurately detects development packages in production by scanning vendor/composer/installed.json
- Session security settings
- CSRF protection validation
- General security misconfigurations
6. PHP Syntax Analysis
- Code syntax validation across your application
- Configurable directory exclusions
- Integration with existing audit workflow
💡 Usage Examples
Basic Commands
Output Formats
Advanced Usage
🔔 Notifications
Warden supports multiple notification channels with rich formatting:
✅ Slack (Recommended)
- Color-coded severity levels
- Organized finding blocks
- Clickable CVE links
- Professional formatting
✅ Discord
- Rich embeds with color coding
- Grouped findings by source
- Custom branding
✅ Microsoft Teams
- Adaptive Cards with structured layouts
- Color-coded severity indicators
- Action buttons and rich formatting
- Professional HTML templates with modern styling
- Severity-based color coding and summary statistics
- Grouped findings by source with detailed information
- Separate templates for vulnerabilities and abandoned packages
Multiple Channels
Configure multiple channels simultaneously - Warden sends to all configured endpoints.
🔧 Custom Audits
Create organization-specific security rules:
1. Implement Custom Audit
2. Register Custom Audit
Add to config/warden.php:
⏰ Scheduling
Enable Automated Audits
Configure Schedule
Laravel Cron Setup
Ensure Laravel's scheduler is running:
🔄 CI/CD Integration
GitHub Actions
GitLab CI
Jenkins
🎯 Advanced Features
Performance Optimization
- Parallel Execution: Enabled by default for 5x speed improvement
- Intelligent Caching: Configurable cache duration prevents redundant API calls
- Severity Filtering: Focus resources on critical issues
Audit Results
Exit Codes:
- 0: No vulnerabilities found
- 1: Vulnerabilities detected
- 2: Audit process failures
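A CI wrapper that acts on the exit codes listed above, as an added example that is not part of the Warden package or its README. `warden_gate` and `WARDEN_RETRIES` are hypothetical names, and retrying on exit code 2 assumes an audit process failure can be transient.

```shell
# Added example: pipeline gate for the documented warden:audit exit codes
# (0 = no vulnerabilities, 1 = vulnerabilities detected, 2 = audit process failure).
# warden_gate and WARDEN_RETRIES are names made up for this sketch.

# Run the command given as arguments and turn its exit status into a
# build decision. A result the gate cannot interpret never counts as a pass.
warden_gate() {
    # Total attempts = retries + 1 (default: one retry).
    _wg_tries=$(( ${WARDEN_RETRIES:-1} + 1 ))
    _wg_status=0
    while [ "$_wg_tries" -gt 0 ]; do
        _wg_status=0
        "$@" || _wg_status=$?
        # 0 and 1 are real audit results; only a process failure (2) is retried.
        [ "$_wg_status" -eq 2 ] || break
        _wg_tries=$(( $_wg_tries - 1 ))
    done

    case "$_wg_status" in
        0)
            echo "warden: no vulnerabilities found"
            return 0 ;;
        1)
            echo "warden: vulnerabilities detected, failing the build" >&2
            return 1 ;;
        2)
            echo "warden: audit could not complete, failing closed" >&2
            return 2 ;;
        *)
            # Anything outside the documented codes (for example a PHP fatal
            # error) is treated like an incomplete audit, not a clean one.
            echo "warden: unexpected exit status $_wg_status, failing closed" >&2
            return 2 ;;
    esac
}

# Typical pipeline call (flags are from the Command Reference):
#   warden_gate php artisan warden:audit --no-notify --severity=high
```

Keeping exit code 2 distinct from 1 lets the pipeline route "audit did not run" to whoever maintains the pipeline, while "vulnerabilities detected" goes to whoever owns the dependencies.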
Severity Levels:
- critical: Immediate attention required
- high: Address as soon as possible
- medium: Should be reviewed and fixed
- low: Minor security concerns
Configuration Examples
Output & severity: Use --output and --severity CLI options (not config). See Command Reference above.
📈 Roadmap
Coming Soon
- 📊 Audit history tracking and trend analysis
- 🔍 Additional audit types (Docker, Git, API security)
- 📋 Web dashboard for audit management
- 🤖 AI-powered vulnerability analysis and recommendations
❓ FAQ
How does Warden differ from built-in Composer audit?
Warden extends beyond Composer audit with NPM scanning, environment checks, storage permissions, Laravel-specific configurations, and custom audit rules for comprehensive security monitoring.
Can Warden run in CI/CD without notifications?
Yes! Use --no-notify to suppress notifications while still generating reports for your pipeline. (--silent also works.)
What are the performance impacts?
Minimal! Parallel execution and intelligent caching ensure audits complete in seconds, with configurable timeouts and retry logic.
How do I handle false positives?
Use severity filtering (--severity=high) and custom audits to tune findings for your organization's security policies.
Is my data secure?
Absolutely. Warden processes everything locally - no external data transmission except for configured notification webhooks.
🛠️ Troubleshooting
Common Issues
Command not found:
Composer audit failures:
📄 License
This package is open source and released under the MIT License.
🤝 Contributing
We welcome contributions! Please see our CONTRIBUTING GUIDELINES for details on:
- 🐛 Bug reports
- ✨ Feature requests
- 🔧 Code contributions
- 📚 Documentation improvements
💬 Support
- 🐛 Issues: GitHub Issues
- 💬 Discussions: GitHub Discussions
- 📋 Releases: Version History & Changelogs
💝 Support Development
If you find Warden useful for your organization's security needs, please consider supporting its development.
All versions of warden with dependencies
illuminate/support Version ^7.0|^8.0|^9.0|^10.0|^11.0|^12.0|^13.0
illuminate/cache Version ^7.0|^8.0|^9.0|^10.0|^11.0|^12.0|^13.0
guzzlehttp/guzzle Version ^7.0
laravel/prompts Version ^0.3