Download the PHP package jaydeep/laravel-guarddog without Composer
Information about the package laravel-guarddog
🚀 Why GuardDog?
You shouldn't need to be a security expert to ship a secure Laravel app. GuardDog is a zero-config static security analyzer that scans your codebase for the OWASP-style mistakes Laravel developers actually make and produces a clean, shareable HTML report with a security score your team can rally around.
- ⚡ Zero config — works out of the box on any Laravel 8–13 project
- 🎯 Laravel-aware — understands routes, middleware, Eloquent, Blade, and `.env`
- 📊 Beautiful HTML reports with a 0–100 security score
- 🆓 Free and open source (MIT)
📦 Installation & Setup
Requires PHP 7.4+ and Laravel 8–13.
Laravel auto-discovers the service provider. Publish the config (optional):
⚡ Quick Start
Run a full scan:
That's it. GuardDog scans your project and writes an HTML report to public/security-report.html.
| Command | What it does |
|---|---|
| `php artisan guarddog:scan` | Full scan + HTML report |
| `php artisan guarddog:scan --no-html` | Console output only |
| `php artisan guarddog:scan --output=storage/report.html` | Custom report path |
📸 Screenshots
Console Output
HTML Security Report
🔍 Features
GuardDog scans for the most common Laravel security vulnerabilities:
Code-level checks
- 🛑 Raw SQL injection risks — `DB::statement()`, `DB::raw()`, and `whereRaw()` with variable interpolation
- 🛑 Unescaped Blade output — `{!! $userInput !!}` flagged for XSS
- 🛑 Mass assignment vulnerabilities — models missing `$fillable` or `$guarded`
- 🛑 Unsafe `eval()`, `shell_exec()`, `exec()`, `system()` usage
Configuration checks
- ⚠️ `APP_DEBUG=true` in production
- ⚠️ Weak or missing `APP_KEY`
- ⚠️ Default database credentials
- ⚠️ `.env` accidentally committed to git
- ⚠️ Session/cookie security flags (`SESSION_SECURE_COOKIE`, `SameSite`)
Routes & middleware
- 🚧 Routes missing `auth` middleware
- 🚧 CSRF exclusions in `VerifyCsrfToken`
- 🚧 Overly permissive CORS configuration
Dependencies
- 📦 Outdated packages with known CVEs (via Packagist advisories)
- 📦 Composer `minimum-stability` set to dev
Don't see a check you need? Open an issue — new checks ship regularly.
📋 Example Report
The HTML report includes per-issue remediation guidance, code snippets, and a shareable score badge.
🤖 Continuous Integration
Fail your CI build when GuardDog finds critical issues:
GitLab, CircleCI, and Bitbucket Pipelines work the same way — just call the artisan command in your job.
⚙️ Configuration
After publishing the config (config/guarddog.php), you can:
- Disable specific checks you don't care about
- Set severity thresholds for CI failure
- Exclude paths (e.g. `vendor/`, `database/seeders/`)
- Customize the HTML report title, logo, and theme
📊 Security Score
GuardDog scores your app from 0 to 100. Every issue subtracts points based on severity:
| Severity | Points lost | Examples |
|---|---|---|
| 🔴 Critical | -15 | SQL injection, eval(), debug in prod |
| 🟡 Warning | -5 | Missing auth middleware, weak session config |
| 🔵 Notice | -1 | Style/best-practice nits |
A score of 80+ is good. 90+ is excellent. 100 means GuardDog found nothing — though no scanner catches everything, so manual review still matters.
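To make the code-level checks listed under Features and the scoring rule in the table above concrete, here is an added example that is not GuardDog's own code: two of the listed checks (raw SQL with interpolated variables, unescaped Blade output) written as plain regex heuristics over a constructed source snippet, plus the 0–100 score computed from the table. The function names, the regexes, and the assumption that the score floors at 0 are mine; GuardDog's real check API (see `docs/custom-checks.md`) is not used here.

```php
<?php
// Added illustration, not GuardDog's own code: two of the code-level checks
// listed above as plain regex checks, plus the scoring rule from the score table.
// Assumption: the score floors at 0; the page only says points are subtracted.

/** Return [line => snippet] for DB::statement/DB::raw/whereRaw calls whose
 *  argument interpolates ("... $x") or concatenates ('...' . $x) a variable. */
function findRawSqlInterpolation(string $php): array
{
    $call   = '(?:DB::statement|DB::raw|whereRaw)\s*\(\s*';
    $interp = '"(?:[^"\\\\]|\\\\.)*\$[A-Za-z_{]';  // "$id" or "{$id}" in double quotes
    $concat = '[\'"][^\'"]*[\'"]\s*\.\s*\$';        // 'sql' . $var
    $re     = "/{$call}(?:{$interp}|{$concat})/";
    $hits   = [];
    foreach (explode("\n", $php) as $i => $line) {
        if (preg_match($re, $line)) $hits[$i + 1] = trim($line);
    }
    return $hits;
}

/** Return [line => expression] for every {!! ... !!} echo, which skips HTML escaping. */
function findUnescapedBlade(string $blade): array
{
    $hits = [];
    foreach (explode("\n", $blade) as $i => $line) {
        if (preg_match('/\{!!\s*(.*?)\s*!!\}/', $line, $m)) $hits[$i + 1] = $m[1];
    }
    return $hits;
}

/** Score per the table: 100 minus 15 per critical, 5 per warning, 1 per notice. */
function securityScore(int $critical, int $warning = 0, int $notice = 0): int
{
    return max(0, 100 - 15 * $critical - 5 * $warning - $notice);
}

// Constructed sample input (not taken from a real project).
$php = <<<'SRC'
DB::statement("UPDATE users SET name = '$name' WHERE id = $id");
$u  = User::whereRaw('email = ' . $email)->get();
$ok = User::whereRaw('id = ?', [$id])->get();
SRC;
$blade = "<p>{{ \$user->name }}</p>\n<div>{!! \$post->body !!}</div>";
$sql = findRawSqlInterpolation($php);   // lines 1 and 2; line 3 is parameterised
$xss = findUnescapedBlade($blade);      // line 2 => '$post->body'
foreach ($sql as $line => $snippet) echo "SQL   line $line: $snippet\n";
foreach ($xss as $line => $expr)    echo "Blade line $line: $expr\n";
echo 'Score: ' . securityScore(count($sql) + count($xss)) . "\n";  // 3 critical => 55
```

The parameterised `whereRaw('id = ?', [$id])` line is deliberately left unflagged, which is the distinction the real check has to make as well.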
❓ FAQ
How is this different from enlightn/enlightn?
Enlightn is a fantastic, broader tool covering security, performance, and reliability. GuardDog is **security-focused, lightweight, and zero-config** — designed to drop into any project and run in seconds, with a beautiful report you can hand to a non-technical stakeholder. Use both together for the best coverage.
Does GuardDog replace Roave Security Advisories?
No — they complement each other. `roave/security-advisories` blocks installation of vulnerable packages at the Composer level. GuardDog scans **your application code** for vulnerabilities you wrote yourself.
Will GuardDog catch every security issue?
No static analyzer can. GuardDog catches a wide set of common Laravel-specific mistakes, but production security also requires manual code review, dependency scanning, penetration testing, and runtime protection. Treat GuardDog as one layer of defense.
Does it send my code anywhere?
No. GuardDog runs 100% locally. No telemetry, no phone-home, no external API calls.
Can I add custom checks?
Yes — GuardDog ships with an extensible check API. See the [Custom Checks guide](docs/custom-checks.md).
🤝 Contributing
If you've found a security issue, please do not open a public issue. Email [email protected] directly.
Changelog
See CHANGELOG.md for recent updates.
📜 License
The MIT License (MIT). See LICENSE.md.