Abandoned · Archived · Library · [Security](/categories/security)

austinheap/laravel-security-txt
===============================

A package for serving `security.txt` in Laravel 5.5+, based on configuration settings.

v0.4.1 (8y ago) · [1 issues](https://github.com/austinheap/laravel-security-txt/issues) · MIT · PHP >=7.0.0

Laravel 5.5+ `security.txt` Package
===================================

A package for serving `security.txt` in Laravel 5.5+, based on configuration settings.
--------------------------------------------------------------------------------------

The purpose of this project is to create a set-it-and-forget-it package that can be installed without much effort to get a Laravel project compliant with the current [`security.txt`](https://securitytxt.org/) spec. It is therefore highly opinionated but built for configuration.

When enabled, it allows access to all clients and serves up the `security.txt`. Otherwise, it operates almost identically to Laravel's default configuration, denying access to all clients.

[`security.txt`](https://github.com/securitytxt) is a [draft](https://tools.ietf.org/html/draft-foudil-securitytxt-00) "standard" which allows websites to define security policies. This "standard" sets clear guidelines for security researchers on how to report security issues, and allows bug bounty programs to define a scope. Security.txt is the equivalent of `robots.txt`, but for security issues.

There is [documentation for `laravel-security-txt` online](https://austinheap.github.io/laravel-security-txt/), the source of which is in the [`docs/`](https://github.com/austinheap/laravel-security-txt/tree/master/docs) directory. The most logical place to start is the [docs for the `SecurityTxt` class](https://austinheap.github.io/laravel-security-txt/classes/AustinHeap.Security.Txt.SecurityTxt.html).

Table of Contents
-----------------

- [Summary](#a-package-for-serving-securitytxt-in-laravel-55-based-on-configuration-settings)
- [Installation](#installation)
    - [Step 1: Composer](#step-1-composer)
    - [Step 2: Remove any existing `security.txt`](#step-2-remove-any-existing-securitytxt)
    - [Step 3: Enable the package (Optional)](#step-3-enable-the-package-optional)
    - [Step 4: Configure the package](#step-4-configure-the-package)
- [Full `.env` Example](#full-env-example)
- [Unit Tests](#unit-tests)
- [References](#references)
- [Credits](#credits)
- [License](#license)

Installation
------------

### Step 1: Composer

Via Composer command line:

```
$ composer require austinheap/laravel-security-txt
```

Or add the package to your `composer.json`:

```
{
    "require": {
        "austinheap/laravel-security-txt": "0.3.*"
    }
}
```

### Step 2: Remove any existing `security.txt`

Laravel doesn't ship with a default `security.txt` file. If you have added one, it needs to be removed for the configured route to work.

```
$ rm public/.well-known/security.txt
```

### Step 3: Enable the package (Optional)

This package implements Laravel 5.5's auto-discovery feature. After you install it the package provider and facade are added automatically.

If you would like to declare the provider and/or alias explicitly, add the service provider to your `config/app.php`:

```
'providers' => [
    // ... existing providers ...
    AustinHeap\Security\Txt\SecurityTxtServiceProvider::class,
],
```

And then add the alias to your `config/app.php`:

```
'aliases' => [
    // ... existing aliases ...
    'SecurityTxt' => AustinHeap\Security\Txt\SecurityTxtFacade::class,
],
```

### Step 4: Configure the package

Publish the package config file:

```
$ php artisan vendor:publish --provider="AustinHeap\Security\Txt\SecurityTxtServiceProvider"
```

You can now serve `security.txt` to clients by editing the `config/security-txt.php` file, which opens up the route to the public:

```
return [
    'enabled' => env('SECURITY_TXT_ENABLED', true),
];
```

Or simply set the `SECURITY_TXT_ENABLED` environment variable to true, via the Laravel `.env` file or the hosting environment:

```
SECURITY_TXT_ENABLED=true
```

Full `.env` Example
-------------------

After installing the package with composer, simply add the following to your .env file:

```
SECURITY_TXT_ENABLED=true
SECURITY_TXT_CACHE=true
SECURITY_TXT_CONTACT=security@your-site.com
SECURITY_TXT_ENCRYPTION=https://your-site.com/pgp.key
SECURITY_TXT_DISCLOSURE=full
SECURITY_TXT_ACKNOWLEDGEMENT=https://your-site.com/security-champions
```

Now point your browser to `http://your-site.com/.well-known/security.txt` and you should see output like the following, with your configured values in place of the sample ones:

```
# Our security address
Contact: me@austinheap.com

# Our PGP key
Encryption: http://some.url/pgp.key

# Our disclosure policy
Disclosure: Full

# Our public acknowledgement
Acknowledgement: http://some.url/acks

#
# Generated by "laravel-security-txt" v0.4.0 (https://github.com/austinheap/laravel-security-txt/releases/tag/v0.4.0)
# using "php-security-txt" v0.4.0 (https://github.com/austinheap/php-security-txt/releases/tag/v0.4.0)
# in 0.041008 seconds on 2017-11-22 20:31:25.
#
# Cache is enabled with key "cache:AustinHeap\Security\Txt\SecurityTxt".
#

```
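
The following standalone PHP script is an added example, not part of the package or its README. It parses the served text in the format shown above and reports a missing `Contact` field, malformed lines, and an `Encryption` link that is not served over HTTPS, since a key fetched over plain HTTP can be replaced in transit. The function names and the HTTPS-only rule are assumptions of this example.

```php
<?php
/**
 * Parse security.txt text into [field => [values...]], skipping comments
 * and blank lines. Field names are normalised to lower case; lines that
 * are not "Name: value" are collected under the "_malformed" key.
 */
function parseSecurityTxt(string $body): array
{
    $fields = [];
    foreach (preg_split('/\r\n|\r|\n/', $body) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue;
        }
        if (!preg_match('/^([A-Za-z-]+):\s*(.+)$/', $line, $m)) {
            $fields['_malformed'][] = $line;
            continue;
        }
        $fields[strtolower($m[1])][] = $m[2];
    }
    return $fields;
}

/** Return a list of findings; an empty list means nothing was flagged. */
function lintSecurityTxt(string $body): array
{
    $fields = parseSecurityTxt($body);
    $findings = [];
    foreach ($fields['_malformed'] ?? [] as $line) {
        $findings[] = "Malformed line: {$line}";
    }
    if (empty($fields['contact'])) {
        $findings[] = 'No Contact field: reporters have nowhere to send findings.';
    }
    // Assumption of this example: key links must use HTTPS.
    foreach ($fields['encryption'] ?? [] as $value) {
        if (stripos($value, 'https://') !== 0) {
            $findings[] = "Encryption is not an https:// URL: {$value}";
        }
    }
    return $findings;
}

// Constructed sample, modelled on the README's example output.
$sample = "# Our security address\nContact: me@austinheap.com\n\n"
    . "# Our PGP key\nEncryption: http://some.url/pgp.key\n\n"
    . "# Our disclosure policy\nDisclosure: Full\n";

foreach (lintSecurityTxt($sample) as $finding) {
    echo $finding, PHP_EOL;
}
```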

Unit Tests
----------

This package has aggressive unit tests built with the wonderful [orchestral/testbench](https://github.com/orchestral/testbench) package which is built on top of PHPUnit.

There are [code coverage reports for `laravel-security-txt`](https://austinheap.github.io/laravel-security-txt/coverage/) available online.

References
----------

- [A Method for Web Security Policies (draft-foudil-securitytxt-00)](https://tools.ietf.org/html/draft-foudil-securitytxt-00)
- [php-security-txt](https://github.com/austinheap/php-security-txt)
- [securitytext.org](https://securitytext.org/)

Credits
-------

This is a fork of [InfusionWeb/laravel-robots-route](https://github.com/InfusionWeb/laravel-robots-route), which was a fork of [ellisthedev/laravel-5-robots](https://github.com/ellisthedev/laravel-5-robots), which was a fork of [jayhealey/Robots](https://github.com/jayhealey/Robots), which was based on earlier work.

- [ellisio/laravel-5-robots Contributors](https://github.com/ellisio/laravel-5-robots/graphs/contributors)
- [InfusionWeb/laravel-robots-route Contributors](https://github.com/InfusionWeb/laravel-robots-route/contributors)

License
-------

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

