承接 fragly/laravel-security-tools 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

fragly/laravel-security-tools

Composer 安装命令:

composer require fragly/laravel-security-tools

包简介

Security scanner for Laravel: .env and config checks with CLI and Markdown reports.

README 文档

README

Latest Version on Packagist Downloads License Sponsor

Automatically scan your Laravel project for common security vulnerabilities in .env and configuration files.
Detect unsafe values, missing keys, and misconfigured HTTPS, CORS, and cookie settings — directly from your CLI.

Contents

🚀 Features

✅ Detects risky environment variables (APP_DEBUG=true, missing APP_KEY, etc.)
✅ Scans for insecure configuration values (CORS *, SESSION_SECURE=false, QUEUE=sync, etc.)
✅ Validates HTTPS usage in URLs and cookies
✅ Generates CLI or Markdown reports for CI/CD pipelines
✅ Includes strict mode (--strict) for automated fail conditions in CI
✅ Lightweight and dependency-free — works out of the box

📦 Installation

composer require fragly/laravel-security-tools --dev

Laravel will auto-discover the service provider.

Alternatively, you can register it manually in config/app.php:

'providers' => [
    Fragly\SecurityTools\SecurityToolsServiceProvider::class,
],

⚙️ Usage

Run a full scan

php artisan security:scan

Generate Markdown report (for CI or audit logs)

php artisan security:scan --format=md

Output file (by default): storage/logs/security-report.md

Strict mode (fail build on warnings)

php artisan security:scan --strict

🧠 What It Checks

Environment (.env)

Category Example Description
Required Keys APP_KEY, APP_URL, DB_* Must exist and be non-empty
Dangerous Values APP_DEBUG=true Warns if enabled in any environment
Forbidden in Production SESSION_DRIVER=array, QUEUE=sync Not allowed in production
Format Validation APP_KEY, APP_URL Must match regex and be valid
HTTPS Enforcement APP_URL, ASSET_URL Must start with https:// in production

Config Checks (config())

Check Description
app.debug=false in production Prevents debug mode in prod
session.secure=true Enforces HTTPS cookies
session.http_only=true Protects from JS access
cors.allowed_origins* Disallows wildcard CORS
cache.defaultarray Production cache driver check
queue.defaultsync Warns if queue runs inline
mail.defaultlog Ensures real mailer in prod
log.leveldebug Avoid verbose logs in prod
trustedproxy.proxies* Ensures proxy whitelist
app.url uses HTTPS Verifies production HTTPS URL

🧾 Markdown Report Example

When you run:

php artisan security:scan --format=md

It generates:

Laravel Security Tools Report

  • Generated at: 2025-10-25 03:00:00
Level Area Key Message Hint
ERROR env APP_DEBUG Dangerous value: true Set APP_DEBUG=false in production.
WARNING config cors.allowed_origins CORS allows all origins (*) Avoid "*" in production.

⚡ Configuration

You can publish the config file to customize checks:

Config file: config/security-tools.php

🧪 CI/CD Integration Example

GitHub Actions


on: [push, pull_request]

jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install dependencies
run: composer install --no-interaction --prefer-dist
- name: Run security scan
run: php artisan security:scan --strict

🧩 Compatibility

- Laravel: 9.x – 12.x

- PHP: >=8.2

❤️ Support & Sponsorship

If you like this package, you can support its development and get access to exclusive Laravel & Next.js dev tools:

Support on Patreon

🎁 Get early access to private packages, beta features, and developer insights.

Or buy me a coffee ☕

🧑‍💻 About the Author

Fragly Dev — Building tools for modern Laravel & Next.js developers.

Follow for more developer utilities, security helpers, and SaaS-ready boilerplates.

GitHub

Patreon

Website

🪪 License

This package is open-sourced software licensed under the MIT license.

Made with ❤️ by Fragly Dev — making Laravel projects safer by default.

🔍 SEO Keywords

laravel security, laravel security scan, laravel .env checker, laravel vulnerability scanner,
laravel config security, laravel audit tool, laravel .env validation, laravel production best practices,
laravel https cookie secure, laravel cors security, laravel session security, laravel debugging safe setup,
laravel security tools by Fragly, laravel security artisan command, laravel security report generator,
fraglydev, fragly security, fragly.net packages

fragly/laravel-security-tools 适用场景与选型建议

fragly/laravel-security-tools 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 95 次下载、GitHub Stars 达 0, 最近一次更新时间为 2025 年 10 月 25 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 fragly/laravel-security-tools 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 fragly/laravel-security-tools 我们能提供哪些服务?
定制开发 / 二次开发

基于 fragly/laravel-security-tools 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 95
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 29
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2025-10-25