README

🚀 Overview

Laravel SecureScan is a powerful security analysis tool for Laravel applications.

##🔥 Real-time Laravel security scanner with live dashboard (no queue required)

It scans your codebase to detect:

🔴 Critical vulnerabilities (SQL Injection, XSS, Secrets)
🟡 Security misconfigurations
🟢 Best practice issues

It provides:

⚡ CLI-based scanning
📊 Real-time web dashboard
📁 Detailed findings with fixes

🔥 Features

✅ CLI Scanner

Real-time progress bar
Colored severity output
Detailed issue + fix suggestions

✅ Web Dashboard

Live scanning (no queue required)
Progress tracking
Severity charts (High / Medium / Low)
Live logs (terminal-style)
Findings table

✅ Security Checks

🔴 High Severity

SQL Injection detection
XSS vulnerabilities
Hardcoded secrets
ENV exposure
Dangerous PHP functions
Sensitive data logging

🟡 Medium Severity

Missing authorization
Mass assignment issues
File upload risks
Open redirects
Rate limiting issues
Unvalidated input

🟢 Low Severity

Weak random usage
Hardcoded URLs

📦 Installation

composer require dhanikkeraliya/laravel-securescan

⚙️ Configuration

Publish config:

php artisan vendor:publish --tag=securescan-config

🔍 Usage

CLI Scan

php artisan security:scan

Web Dashboard

http://localhost:8000/_securescan

🚫 Ignore Rules (`.securescan-ignore`)

Laravel SecureScan allows you to ignore specific files, patterns, or rules using a .securescan-ignore file placed in the project root.

This helps reduce noise and avoid false positives in your scans.

📄 Example

Create a file:

.securescan-ignore

Add rules like:

# Ignore specific files
app/Models/Test.php

# Ignore by pattern
*/Seeder.php

# Ignore by rule
SQL Injection
XSS

🔍 Supported Ignore Types

1. Ignore Specific File

app/Models/Test.php

2. Ignore by Pattern

*/Seeder.php

3. Ignore by Rule Type

SQL Injection
XSS

⚙️ Usage

Run scan with ignore rules enabled:

php artisan security:scan --ignore

⚠️ Important Notes

Ignore rules are applied after scan results are generated
Rule matching is based on:
- File path
- Finding type (e.g., SQL Injection)
Keep rules minimal to avoid hiding real vulnerabilities

💡 Best Practice

Use ignore rules only when:

You have verified a false positive
The issue is intentionally handled in your code

Avoid blindly ignoring critical issues.

🖥️ Dashboard Preview

CLI Output

Why SecureScan?

Most Laravel security tools:

Only scan dependencies ❌
No UI ❌
No real-time feedback ❌

SecureScan provides:

Code-level scanning ✅
Real-time dashboard ✅
Developer-friendly output ✅

🤝 Contributing

Contributions are welcome!

Steps:

Fork the repo
Create feature branch
Submit PR

🔐 Security

If you find any vulnerabilities, please check SECURITY.md.

📄 License

MIT License

dhanikkeraliya/laravel-securescan

包简介

关键字：

README 文档

README

🚀 Overview

🔥 Features

✅ CLI Scanner

✅ Web Dashboard

✅ Security Checks

🔴 High Severity

🟡 Medium Severity

🟢 Low Severity

📦 Installation

⚙️ Configuration

🔍 Usage

CLI Scan

Web Dashboard

🚫 Ignore Rules (`.securescan-ignore`)

📄 Example

🔍 Supported Ignore Types

1. Ignore Specific File

2. Ignore by Pattern

3. Ignore by Rule Type

⚙️ Usage

⚠️ Important Notes

💡 Best Practice

🖥️ Dashboard Preview

CLI Output

Why SecureScan?

🤝 Contributing

🔐 Security

📄 License

统计信息

GitHub 信息

其他信息

承接程序开发

dhanikkeraliya/laravel-securescan

包简介

关键字：

README 文档

README

🚀 Overview

🔥 Features

✅ CLI Scanner

✅ Web Dashboard

✅ Security Checks

🔴 High Severity

🟡 Medium Severity

🟢 Low Severity

📦 Installation

⚙️ Configuration

🔍 Usage

CLI Scan

Web Dashboard

🚫 Ignore Rules (.securescan-ignore)

📄 Example

🔍 Supported Ignore Types

1. Ignore Specific File

2. Ignore by Pattern

3. Ignore by Rule Type

⚙️ Usage

⚠️ Important Notes

💡 Best Practice

🖥️ Dashboard Preview

CLI Output

Why SecureScan?

🤝 Contributing

🔐 Security

📄 License

统计信息

GitHub 信息

其他信息

承接程序开发

🚫 Ignore Rules (`.securescan-ignore`)