

bushra/security-scanner
=======================

Laravel Security Scanner Package (PHP). Latest release: 1.0.0.

[Source](https://github.com/gbushrarameez-lang/laravel-security-scanner) | [Packagist](https://packagist.org/packages/bushra/security-scanner)

🔐 Laravel Security Scanner
==========================

Laravel Security Scanner is a lightweight developer tool that flags common security weaknesses in Laravel code: SQL injection through raw queries, mass assignment via `$request->all()`, dynamic column names taken from request input, and controller methods that use request data without validating it.

---

🚀 Features
----------

- 🔍 Scan Laravel code for vulnerabilities
- ⚠️ Detect SQL injection risks
- 🛑 Flag raw query helpers (`DB::select`, `whereRaw`, etc.) that build the SQL string from variables
- 📦 Detect mass assignment issues (`$request->all()` passed straight to `create()`/`update()`)
- 🧠 Highlight controller methods with no validation
- 📍 Report file name, line number, and severity for every finding
- ⚡ Runs as an Artisan command, so it slots into any CLI workflow

---

📦 Installation
--------------

The package is published on Packagist as `bushra/security-scanner` (the Git repository is named `laravel-security-scanner`, but that is not the Composer package name). It is a developer tool, so install it as a dev dependency:

```
composer require --dev bushra/security-scanner
```

---

⚙️ Usage
--------

Run the scanner from the project root using Artisan:

```
php artisan security:scan
```

Optional: pass a directory (relative to the project root) to scan only that subtree, for example the controllers:

```
php artisan security:scan app/Http/Controllers
```

---

📊 Example Output
----------------

Each finding carries a severity, the file, the line, and a short description:

```
[HIGH] UserController.php (Line 12)
Possible SQL Injection

[HIGH] UserController.php (Line 20)
Mass assignment risk

[MEDIUM] UserController.php (Line 35)
Dynamic orderBy - validate input
```

---

🧠 What It Detects
-----------------

### 🔴 High Severity

- SQL injection: raw queries that interpolate or concatenate variables into the SQL string
- `whereRaw`, `DB::select`, `DB::statement` called with unbound input
- Mass assignment: `$request->all()` passed to `create()`/`update()`

### 🟠 Medium Severity

- Dynamic column usage (e.g., `orderBy($request->input())`); a column name cannot be parameter-bound, so it must be checked against an allow-list
- Unsafe update patterns

### 🟡 Low Severity

- Missing validation in controller methods
---

❗ Important Notes
-----------------

- This tool uses pattern-based detection (regex) over the source text; it does not parse the code or follow data flow
- Expect both false positives (a raw query that already uses bindings can still match a pattern) and false negatives (a SQL string assembled on an earlier line and passed in as a variable will not be seen)
- It helps identify common mistakes but does not replace manual code review
- Always follow Laravel best practices for security
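To make the pattern-based approach and its limits concrete, here is an added, self-contained illustration (written for this page; it is not the package's source, and its rule set, `scanSource`/`formatFindings` helpers, and the embedded `UserController` sample are all constructed for the demo). It runs a handful of regexes over each line of a sample file and prints findings in the same `[SEVERITY] file (Line n)` shape shown above. The two lines marked `NOT flagged` show one true negative (a bound query) and one false negative (a SQL string built on the previous line), which is exactly the blind spot a line-oriented regex scanner has.

```php
<?php
// Added example, not the package's own code: a minimal line-oriented regex
// scanner in the spirit of the package's detection approach.
declare(strict_types=1);

/**
 * Scan one file's source text and return findings as
 * [severity, file, line, message] records.
 */
function scanSource(string $file, string $source): array
{
    // Rule table (constructed for this demo): regex => [severity, message].
    // Patterns are deliberately simple; that simplicity is the source of both
    // false positives and false negatives.
    $rules = [
        // Raw SQL helper whose double-quoted SQL string interpolates a variable.
        '/\b(?:DB::(?:select|statement|raw)|whereRaw|orderByRaw)\s*\(\s*"[^"]*\$\w+/' =>
            ['HIGH', 'Possible SQL Injection (variable interpolated into raw SQL)'],
        // Raw SQL helper whose argument is built by string concatenation.
        '/\b(?:DB::(?:select|statement|raw)|whereRaw|orderByRaw)\s*\([^)]*\.\s*\$\w+/' =>
            ['HIGH', 'Possible SQL Injection (variable concatenated into raw SQL)'],
        // Whole request payload handed to a model write.
        '/(?:->|::)(?:create|update|fill|insert)\s*\(\s*\$request->all\(\)/' =>
            ['HIGH', 'Mass assignment risk ($request->all() passed to a model write)'],
        // Column name for orderBy taken straight from the request.
        '/(?:->|::)orderBy\s*\(\s*\$request->(?:input|get|query)\(/' =>
            ['MEDIUM', 'Dynamic orderBy - validate input against an allow-list'],
    ];

    $findings = [];
    foreach (preg_split('/\R/', $source) as $index => $line) {
        foreach ($rules as $pattern => [$severity, $message]) {
            if (preg_match($pattern, $line) === 1) {
                $findings[] = [
                    'severity' => $severity,
                    'file'     => $file,
                    'line'     => $index + 1,
                    'message'  => $message,
                ];
            }
        }
    }
    return $findings;
}

/** Render findings in the "[SEVERITY] file (Line n)" layout. */
function formatFindings(array $findings): string
{
    $out = '';
    foreach ($findings as $f) {
        $out .= sprintf("[%s] %s (Line %d)\n%s\n\n",
            $f['severity'], $f['file'], $f['line'], $f['message']);
    }
    return $out;
}

// Constructed sample controller for the demo (not from any real project).
// Nowdoc syntax, so the "$id" inside the SQL strings is kept literally.
$sample = <<<'PHP'
<?php
class UserController
{
    public function show(Request $request, $id, $name)
    {
        $rows = DB::select("SELECT * FROM users WHERE id = $id");       // flagged HIGH
        $safe = DB::select('SELECT * FROM users WHERE id = ?', [$id]);   // NOT flagged: bound
        DB::statement('DELETE FROM logs WHERE user_id = ' . $id);        // flagged HIGH
        $sql = "SELECT * FROM users WHERE name = '$name'";
        $more = DB::select($sql);                                        // NOT flagged: built one line earlier
        User::create($request->all());                                   // flagged HIGH
        User::create($request->validated());                             // NOT flagged
        return User::orderBy($request->input('sort'))->get();            // flagged MEDIUM
    }
}
PHP;

echo formatFindings(scanSource('UserController.php', $sample));
```

Run it with `php scanner-demo.php`. The `$more = DB::select($sql)` line is the case to remember: the injection is real, but because the variable was assembled on the line above, no single-line pattern can see it, so a clean scan is not proof that raw queries are safe.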

---

🛠️ Best Practices
-----------------

- Use Eloquent or the Query Builder instead of raw SQL
- Always validate user input, and pass only the validated fields to models
- Avoid `$request->all()` in create/update; keep `$fillable` (or `$guarded`) set on models as a second line of defence
- Use parameter binding (`?` positional or `:name` named bindings) in raw queries; bindings cannot cover column or table names, so allow-list those
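The following added example (written for this page, not code from the package) puts each pattern the scanner reports next to the Laravel idiom that removes the finding. The `User` model, the `users` table and its `email`/`name`/`created_at` columns, and the `sort` query parameter are assumptions for the demo.

```php
<?php
// Added example, not from the package: each reported pattern beside its fix.
// Model, table and column names are assumptions for the demo.

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Validation\Rule;

class UserController extends Controller
{
    // --- HIGH: variable interpolated into raw SQL -------------------------
    public function searchUnsafe(Request $request)
    {
        $email = $request->input('email');
        // $email reaches the SQL parser as SQL text; a value such as
        // x' OR '1'='1 rewrites the WHERE clause.
        return DB::select("SELECT * FROM users WHERE email = '$email'");
    }

    public function searchSafe(Request $request)
    {
        $email = $request->input('email');
        // Positional binding: the value travels separately from the SQL text.
        // The query-builder equivalent is User::where('email', $email)->get().
        return DB::select('SELECT * FROM users WHERE email = ?', [$email]);
    }

    // --- HIGH: mass assignment via $request->all() ------------------------
    public function storeUnsafe(Request $request)
    {
        // Every submitted field is handed to the model, so a client can add
        // fields it should not control (e.g. an is_admin flag) unless the
        // model's $fillable/$guarded happens to block them.
        return User::create($request->all());
    }

    public function storeSafe(Request $request)
    {
        // validate() returns only the keys named in the rules, so unexpected
        // fields never reach the model regardless of $fillable.
        $data = $request->validate([
            'name'  => ['required', 'string', 'max:255'],
            'email' => ['required', 'email', Rule::unique('users', 'email')],
        ]);
        return User::create($data);
    }

    // --- MEDIUM: dynamic column name from user input ----------------------
    public function indexUnsafe(Request $request)
    {
        // A column name cannot be parameter-bound, so the client chooses which
        // column the rows are ordered by, including columns it should not see.
        return User::orderBy($request->input('sort'))->get();
    }

    public function indexSafe(Request $request)
    {
        // Allow-list: only a fixed set of column names is ever passed through.
        $allowed = ['name', 'created_at'];
        $sort = $request->input('sort', 'name');
        if (!in_array($sort, $allowed, true)) {
            $sort = 'name';
        }
        return User::orderBy($sort)->get();
    }
}
```

Run the scanner over a file like this and only the three `*Unsafe` methods should be reported; the `*Safe` counterparts use bindings, `validate()` and an allow-list, which are the three fixes the Best Practices list describes.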

---

🔧 Roadmap
---------


- ✅ CLI Scanner
- ⏳ Web UI Interface
- ⏳ Auto-fix suggestions
- ⏳ Configurable rules
- ⏳ CI/CD integration

---

🤝 Contributing
--------------


Contributions are welcome! Feel free to open issues or submit pull requests.

---

📄 License
---------


MIT License

---

👩‍💻 Author
----------


Bushra

Maintainer on Packagist: gbushrarameez-lang. GitHub contributors: bushraFirdous, gbushrarameez-lang.