fylzero

Anyone use a CVE vulnerability scanner?

We started using the AWS Inspector at my job to check our Laravel projects for CVE vulnerabilities.

Is there anything else out there for doing this? Just trying to see if there are any lightweight/popular alternatives or ways that developers are going about this. I really like the idea for my other projects. Thanks!

KristianJust

We have integrated a Security Scanner for Laravel in our build pipeline.

GitHub Action here: https://github.com/ephort/security-scanner-actions/

It does some misc. security checks.

We also use Snyk, which is more in-depth, but has to run from the inside and it's only free to a limited degree (200 tests/mo as of now).

Snyk can also be run from GitHub Actions.
