Download the PHP package leonardolima/laravel-security-check without Composer
On this page you can find all versions of the php package leonardolima/laravel-security-check. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package laravel-security-check
Short Description Security validator for Laravel projects
License MIT
Information about the package laravel-security-check
Laravel Security Check
This project aims to provide tools and best practices to verify and improve the security of Laravel applications.
Features
✅ Check for insecure configurations
✅ Analyze file and directory permissions
✅ Debugbar and Telescope: Make sure packages like barryvdh/laravel-debugbar and laravel/telescope are not enabled in production.
✅ APP_URL: Check if APP_URL is correctly configured for the production domain.
- APP_KEY: Already validated, but you can also check that it is not the default key (base64:... unchanged).
✅ Queue and Cache Drivers: Avoid using drivers like sync or file in production for QUEUE_CONNECTION and CACHE_DRIVER.
✅ Session Driver: Avoid SESSION_DRIVER=file in production; prefer redis or database.
✅ Mail Driver: Avoid MAIL_MAILER=log or MAIL_MAILER=array in production.
- Trusted Proxies: Make sure TRUSTED_PROXIES is set if you are behind a proxy/reverse proxy.
- CORS: Make sure your CORS settings are not too open.
- Logging: Avoid LOG_CHANNEL=stack with single in production; prefer daily or external systems.
✅ Public Directories: Make sure sensitive files (like .env, composer.lock, etc.) are not publicly accessible.
- Composer Autoload: Make sure autoload is optimized (composer dump-autoload -o).
- Config Cache: Make sure configs are cached (php artisan config:cache).
- Route Cache: Make sure routes are cached (php artisan route:cache).
✅ Debug Mode: Besides APP_DEBUG, make sure that there are no other debug modes active.
✅ Error Exposure: Check that APP_DEBUG is false and that there are no custom handlers exposing stack traces.
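The driver, debug and APP_URL checks in the list above can be expressed as a small .env audit. This is an added example, not the package's own code: the function names parseEnv and checkProductionEnv, the expected host app.example.com and the sample .env content are all assumptions made for illustration.

```php
<?php
/** Parse KEY=VALUE lines from .env text, skipping comments and blank lines. */
function parseEnv(string $text): array
{
    $vars = [];
    foreach (preg_split('/\R/', $text) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#' || !str_contains($line, '=')) {
            continue;
        }
        [$key, $value] = explode('=', $line, 2);
        $vars[trim($key)] = trim(trim($value), "\"'");
    }
    return $vars;
}

/** Findings for the production settings named in the feature list above. */
function checkProductionEnv(array $env, string $expectedHost): array
{
    // Values the feature list says to avoid in production.
    $avoid = [
        'QUEUE_CONNECTION' => ['sync'],
        'CACHE_DRIVER'     => ['file'],
        'SESSION_DRIVER'   => ['file'],
        'MAIL_MAILER'      => ['log', 'array'],
    ];
    $findings = [];
    foreach ($avoid as $key => $bad) {
        $value = strtolower($env[$key] ?? '');
        if (in_array($value, $bad, true)) {
            $findings[] = "$key=$value should not be used in production";
        }
    }
    // Conservative: anything other than unset, "false" or "0" counts as debug on.
    if (!in_array(strtolower($env['APP_DEBUG'] ?? ''), ['', 'false', '0'], true)) {
        $findings[] = 'APP_DEBUG is enabled';
    }
    // APP_URL must point at the production host.
    if (parse_url($env['APP_URL'] ?? '', PHP_URL_HOST) !== $expectedHost) {
        $findings[] = "APP_URL host is not $expectedHost";
    }
    return $findings;
}

// Constructed sample .env content, not taken from any real project.
$sample = "APP_URL=http://localhost\nAPP_DEBUG=true\nQUEUE_CONNECTION=sync\n"
        . "CACHE_DRIVER=redis\nSESSION_DRIVER=file\nMAIL_MAILER=\"log\"\n";
foreach (checkProductionEnv(parseEnv($sample), 'app.example.com') as $finding) {
    echo "[FAIL] $finding\n";
}
```

The parser reads the raw file rather than the running configuration, so it reports what is on disk even when a stale config cache is in effect.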
How to use by cloning the repository
- Clone the repository:
- Install the dependencies:
- Run the security checks:
Using with Composer Install
- Install the package via Composer:
- After installation, you can run the security check command:
Requirements
- PHP >= 8.0
- Composer
- Laravel >= 9.x
Contribution
Contributions are welcome! Feel free to open issues or send pull requests.
License
This project is licensed under the MIT License.