I had found a Laravel plugin that is a security scanner that would do a code scan for common attack vectors, but the
composer require failed. I'm curious what people use to scan their applications to check for vulnerabilities before launch?
I've stuck to best practices like not using any direct DB::statement('do things') calls anywhere and stuck to eloquent, kept csrf enforcement, etc.
But I'm human. I miss things. I want to make sure that I can find them early.
Environment: CentOS 7, Apache, PHP 7+, Laravel 5.6