
Fahad Pervez's avatar

Veracode Vulnerability Scanner Bugs in Laravel Vendor

Hi Laravel Experts,

I wanted to discuss with you guys that our company is using the Veracode scanner before uploading the Laravel code to the server.

The problem we are facing is that the scanner is finding most of the vulnerabilities in the vendor file, which is itself the Laravel framework code on which it is built.

Our criterion is that it should avoid vendor code vulnerabilities.

Does anyone have experience with how to avoid Laravel vendor code in the Veracode scanner?

Any help will be appreciated.

Thanks,

0 likes
6 replies
bobbybouwmann's avatar

Veracode scanner seems to be very outdated, and looking at the forum I couldn't really find an answer. They basically say that the vendor directory should be fixed by yourself 😅 Also, it doesn't seem they have first-party support for Laravel. If they did, there wouldn't be an issue at all.

Anyway, I don't think I can help you other than recommending you use a different tool.

1 like
Fahad Pervez's avatar

@bobbybouwmann Thank you, Bobby :) Really appreciate your help. Can you suggest other tools besides Veracode, so we can look into them?

Snapey's avatar

@Fahad Pervez Apparently the next version of Composer is checking for packages with known vulnerabilities.

1 like
