alfred-nutile-inc/larscanner

misc tools to scan apps after being deployed

Misc Tools to Help Scan Laravel for Security Issues

![Build Status][ico-travis] ![Quality Score][ico-code-quality] ![Software License][ico-license], _(*1)

Tons more to do this just one tool, _(*2)

Installation

composer require alfred-nutile-inc/larscanner:dev-master, _(*3)

Add to config/app.php, _(*4)

 AlfredNutileInc\LarScanner\Providers\LarScannerProvider::class

SensioLabs Composer Checker

by https://github.com/sensiolabs/security-checker, _(*5)

Make sure to add to your env, _(*6)

SECURITY_NOTICE_SLACK_URL=https://room_to_slack

Then add to app/Console/Kernel.php, _(*7)

        $schedule->command('larscanner:sensio')->daily()
        ->appendOutputTo('/tmp/security_issues.log')
        ->emailOutputTo('some@email.com');

The output is optional. By default it will send it to slack., _(*8)

You can turn slack off if needed by (todo), _(*9)

Testing

bash $ composer test, _(*10)

Contributing

Please see CONTRIBUTING and CONDUCT for details., _(*11)

TODO

• Allow slack to be turned off

Roadmap

• Can we scan our code? Something like http://brakemanscanner.org/, _(*12)

• What other well known libraries are there?, _(*13)

• Some good links phparch nov 2016 good article with links to a number of services and php tools, _(*14)

• can we find laravel vulnerabilities and scan our site nightly, _(*15)

• use behat to try and break into our sites?, _(*16)