PHP download

Download the PHP package yousha/php-security-linter without Composer

On this page you can find all versions of the php package yousha/php-security-linter. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download yousha/php-security-linter
More information about yousha/php-security-linter
Files in yousha/php-security-linter

Vendor yousha
Package php-security-linter
Short Description A PHP tool to lint PHP files for security issues based on CIS and OWASP best practices.
License GPL-3.0-only
Homepage https://github.com/yousha/php-security-linter

Keywords php security linter static-analysis owasp secure-coding cis code-analysis vulnerability-detection security-linter security-audit security-best-practices

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of yousha/php-security-linter

Informations about the package php-security-linter

PHP Security Linter (Beta)

A PHP tool to lint PHP files for security issues based on CIS and OWASP best practices.

repo size

Overview
Features
Requirements
Installation
Usage
FAQ
Support
Changelog
ToDo
Contributing
Code of Conduct
DCO
Contributors
Notice
License

Overview

PHP Security Linter is a static analysis tool designed to identify security vulnerabilities in PHP code by enforcing CIS benchmarks and OWASP Top 10 standards. Built for developers and security teams, this linter scans codebases without execution(SAST) to detect risks like SQL injection, XSS, misconfigurations, and sensitive data exposure before they reach production.

Features

200+ vuilt-in security rules:
- Injection flaws (SQLi, Command, LDAP)
- Cryptographic weaknesses
- XSS and SSRF vulnerabilities
- Security misconfigurations
- Sensitive data exposure
- API security risks
- Cloud misconfigurations
Multi-Standard support:
- CIS PHP Benchmark v3.0
- OWASP Top 10 2021
- Custom rule sets
Fast static analysis without executing code
Multiple output formats (Console, JSON)
Configurable ruleset
DevSecOps ready CI/CD pipeline integration
Exclusion support for ignoring specific paths
Supported PHP: 7.4, 8.*
Supported platforms: Windows, GNU/Linux, MacOS

Requirements

PHP 7.4 or PHP +8.2
Composer >= 2

Versions

Package version	Branch name	PHP version	Status
dev-main	`main`	+8.2	Active
3.*	`main`	+8.2	Active
dev-main-php7.4	`main-php7.4`	7.4	Maintenance
2.*	`main-php7.4`	7.4	Maintenance
1.*		5.6	EOL

Active: Full support
Maintenance: Critical/Security fixes only
EOL: Unsupported

The version of package that gets installed is automatically selected by Composer based on current installed PHP version.

Screenshots

Diagrams

Component diagram:

Dataflow diagram:

Installation

Via Composer per project:

Or via Composer globally:

Usage

Lint current directory:

Or (Windows):

Lint a directory:

Lint with path exclusion:

Excluding a specific directory, path exclusion, and rule exclusion:

JSON output:

Commands

Option	Description
`-p, --path`	Path to scan (required)
`--exclude`	Comma-separated paths to exclude
`--exclude-rules`	Comma-separated rule IDs to ignore
`--help`	Show help message

Example output

QA/QC test

Run tests to ensure everything works as expected:

Or:

FAQ

See FAQ.txt file.

Support

For any question, issues and feature requests, open an issue..

Changelog

See CHANGELOG.txt file.

ToDo

See TODO.txt file.

Contributing

Contributions are welcome! Please follow these steps:

Fork repository.
Create a new branch for your feature or bugfix.
Submit a pull request with a detailed description of your changes.

For more details see CONTRIBUTING.txt.

Code of Conduct

See CODE_OF_CONDUCT.txt file.

DCO

See DCO.txt file.

Contributors

See CONTRIBUTORS.txt file.

Notice

See NOTICE.txt file.

License

This open-source software is distributed under the GPL-3.0 license. See LICENSE file.

All versions of php-security-linter with dependencies

PHP Build Version

Package Version

Version 3.1.7.5 Release 17. Dec 2025
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of php-security-linter from vendor yousha

Requires php Version 8.*
ext-pcre Version *

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package yousha/php-security-linter contains the following files

Loading the files please wait ...