定制 shieldci/laravel 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

shieldci/laravel

Composer 安装命令:

composer require shieldci/laravel

包简介

Automated code analysis for Laravel applications covering security, performance, reliability, code quality and best practices.

README 文档

README

Latest Version on Packagist PHP Version Laravel Version License Tests codecov Documentation

ShieldCI terminal demo

Automated code analysis for Laravel applications — 73 open-source analyzers covering security, performance, reliability, code quality, and best practices.

Built on top of shieldci/analyzers-core - a shared, framework-agnostic foundation for static analysis tools.

Requirements

  • PHP 8.1 or higher
  • Laravel 9.x, 10.x, 11.x, 12.x, 13.x

Architecture

This package uses shieldci/analyzers-core for its core analyzer functionality, providing:

  • Type-safe enums (Status, Category, Severity)
  • Immutable value objects (Location, Issue, AnalyzerMetadata)
  • Abstract base classes (AbstractAnalyzer, AbstractFileAnalyzer)
  • AST parsing with nikic/php-parser
  • Result formatters (JSON, Console)
  • Comprehensive utilities (CodeHelper, FileParser)

Installation

composer require shieldci/laravel

Configuration

Publish the configuration file:

php artisan vendor:publish --tag=shieldci-config

Add your ShieldCI credentials to .env (your API token is displayed when you create a project in the ShieldCI dashboard):

SHIELDCI_TOKEN=your-api-token
SHIELDCI_PROJECT_ID=your-project-id

Usage

Run the analysis:

php artisan shield:analyze

Options

Run a specific analyzer:

php artisan shield:analyze --analyzer=sql-injection

Run analyzers by category:

php artisan shield:analyze --category=security

Output as JSON:

php artisan shield:analyze --format=json

Save report to file:

php artisan shield:analyze --output=report.json

Send results to ShieldCI platform:

php artisan shield:analyze --report

Schedule analysis with trigger tracking:

// Laravel 11+ (routes/console.php)
Schedule::command('shield:analyze --triggered-by=scheduled --report')->daily();

// Laravel 11+ (bootstrap/app.php)
->withSchedule(function (Schedule $schedule) {
    $schedule->command('shield:analyze --triggered-by=scheduled --report')->daily();
})

// Laravel 9-10 (app/Console/Kernel.php)
$schedule->command('shield:analyze --triggered-by=scheduled --report')->daily();

Advanced Features

Baseline Support (Gradual Adoption)

Generate a baseline to suppress existing issues and only catch new ones:

# Generate baseline from current state (all analyzers, respects config)
php artisan shield:baseline

# Generate baseline for CI mode (only CI-compatible analyzers)
php artisan shield:baseline --ci

# Merge with existing baseline
php artisan shield:baseline --merge

# Analyze against baseline (only NEW issues reported)
php artisan shield:analyze --baseline

CI Mode (Optimized for CI/CD)

Skip slow or network-dependent analyzers in CI/CD:

# Run in CI mode (only CI-compatible analyzers)
php artisan shield:analyze --ci

Whitelist/blacklist specific analyzers in config/shieldci.php:

'ci_mode_analyzers' => ['sql-injection', 'xss-vulnerabilities', 'csrf-protection'],
'ci_mode_exclude_analyzers' => ['vulnerable-dependencies', 'frontend-vulnerable-dependencies'],

Don't Report (Exit Code Control)

Run informational analyzers without failing CI:

// config/shieldci.php
'dont_report' => [
    'missing-docblock',    // Informational only
    'commented-code',      // Won't fail CI
],

Compact Output

Limit displayed issues per check:

# Show only 3 issues per check
SHIELDCI_MAX_ISSUES=3 php artisan shield:analyze

Environment-Aware Analyzers

Some analyzers are only relevant in specific environments. ShieldCI automatically handles multi-environment setups through environment mapping.

Standard environments (no configuration needed):

  • local - Local development
  • development - Development server
  • staging - Staging/pre-production
  • production - Production
  • testing - Automated testing

Custom environments (configure mapping):

// config/shieldci.php
'environment_mapping' => [
    'production-us' => 'production',
    'production-eu' => 'production',
    'staging-preview' => 'staging',
    'prod-1' => 'production',
],

How it works:

  • Analyzers declare which environments they're relevant for (e.g., ['production', 'staging'])
  • Custom environment names are automatically mapped to standard types
  • Analyzers run only in their relevant environments

Example: AutoloaderOptimizationAnalyzer only runs in production/staging environments.

Available Analyzers

ShieldCI includes 73 comprehensive analyzers across five categories:

Category Count Coverage
Security 22 Complete OWASP Top 10 2021
Performance 18 Optimize speed and efficiency
Reliability 13 Ensure stability and correctness
Code Quality 5 Improve maintainability
Best Practices 15 Laravel-specific patterns

Full Analyzer Reference — all 73 analyzers with examples and fix guidance

ShieldCI Pro

ShieldCI Pro adds 82 advanced analyzers on top of the free package:

Category Count Coverage
Security 45 Enterprise-grade vulnerability detection
Performance 15 Advanced performance optimization
Reliability 15 Production-grade resilience checks
Best Practices 4 Laravel architecture and conventions
Code Quality 3 Test coverage and quality analysis

Highlights:

  • Security — command injection, SSRF, XXE, object injection, GDPR compliance, hard-coded credentials, cryptographic weaknesses; framework-specific checks for Sanctum, Horizon, Telescope, Nova, Livewire, Inertia, and FilamentPHP
  • Performance — Redis rate limiting, CDN/HTTP2/compression header analysis, lazy collection opportunities, FilamentPHP table optimization
  • Reliability — health check and alerting config, job queue config, Horizon status and provisioning, Redis eviction policy, Laravel Vapor config

Upgrade to Pro

Configuration Options

See config/shieldci.php for all available configuration options.

Fail Conditions

Configure when the analysis should fail:

'fail_on' => 'critical', // never, critical, high, medium, low
'fail_threshold' => 80,  // Minimum score to pass (0-100)

Paths

Configure which paths to analyze:

'paths' => [
    'analyze' => ['app', 'config', 'database', 'routes'],
],

'excluded_paths' => [
    'vendor/*',
    'node_modules/*',
    'storage/*',
],

Creating Custom Analyzers

Quick example:

<?php

namespace ShieldCI\Analyzers\Security;

use ShieldCI\AnalyzersCore\Abstracts\AbstractFileAnalyzer;
use ShieldCI\AnalyzersCore\Contracts\ResultInterface;
use ShieldCI\AnalyzersCore\ValueObjects\{AnalyzerMetadata, Location};
use ShieldCI\AnalyzersCore\Enums\{Category, Severity};

class MyAnalyzer extends AbstractFileAnalyzer
{
    protected function metadata(): AnalyzerMetadata
    {
        return new AnalyzerMetadata(
            id: 'my-analyzer',
            name: 'My Custom Analyzer',
            description: 'Checks for custom security issues',
            category: Category::Security,
            severity: Severity::High,
        );
    }

    protected function runAnalysis(): ResultInterface
    {
        // Your analysis logic
        $issues = [];

        foreach ($this->getPhpFiles() as $file) {
            // Analyze files
        }

        return empty($issues)
            ? $this->passed('No issues found')
            : $this->failed('Issues detected', $issues);
    }
}

Testing

composer test           # 4,000+ tests
composer test-coverage  # 98%+ code coverage
composer analyse        # PHPStan Level 9

Documentation

License

MIT License. See LICENSE file for details.

shieldci/laravel 适用场景与选型建议

shieldci/laravel 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 10.72k 次下载、GitHub Stars 达 2, 最近一次更新时间为 2025 年 11 月 11 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「performance」 「security」 「laravel」 「static-analysis」 「Best-Practices」 「reliability」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 shieldci/laravel 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 shieldci/laravel 我们能提供哪些服务?
定制开发 / 二次开发

基于 shieldci/laravel 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 10.72k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 2
  • 点击次数: 36
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 2
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2025-11-11