
jaydeep/laravel-guarddog
========================

Laravel GuardDog — Scan your Laravel project for common security vulnerabilities and generate beautiful HTML reports.

v1.1.0 (3w ago) · 7545↑2690.9% · MIT · PHP · PHP ^7.4|^8.0


🐕 Laravel GuardDog
==================


### A security scanner for Laravel that finds vulnerabilities and generates beautiful HTML reports.


**Scan your Laravel app in seconds. Catch SQL injection, missing auth middleware, exposed secrets, and more — before they hit production.**

⭐ Star the repository if GuardDog helps secure your Laravel apps.

[Quick Start](#-quick-start) • [Features](#-features) • [Example Report](#-example-report) • [Configuration](#-configuration) • [FAQ](#-faq)

---

🚀 Why GuardDog?
---------------


You shouldn't need to be a security expert to ship a secure Laravel app. **GuardDog** is a zero-config static security analyzer that scans your codebase for the OWASP-style mistakes Laravel developers actually make and produces a clean, shareable HTML report with a security score your team can rally around.

- ⚡ **Zero config** — works out of the box on any Laravel 8–13 project
- 🎯 **Laravel-aware** — understands routes, middleware, Eloquent, Blade, and `.env`
- 📊 **Beautiful HTML reports** with a 0–100 security score
- 🆓 **Free and open source** (MIT)

---

📦 Installation & Setup
----------------------

Requires PHP 7.4+ and Laravel 8–13.

```
composer require jaydeep/laravel-guarddog --dev
```

Laravel auto-discovers the service provider. Publish the config (optional):

```
php artisan vendor:publish --tag=guarddog-config
```

---

⚡ Quick Start
-------------


Run a full scan:

```
php artisan guarddog:scan
```

That's it. GuardDog scans your project and writes an HTML report to `public/security-report.html`.

| Command | What it does |
| --- | --- |
| `php artisan guarddog:scan` | Full scan + HTML report |
| `php artisan guarddog:scan --no-html` | Console output only |
| `php artisan guarddog:scan --output=storage/report.html` | Custom report path |

📸 Screenshots
-------------


### Console Output


[![Console Scan](https://raw.githubusercontent.com/JaydeepGadhiya/laravel-guarddog/main/docs/console-output.png)](https://raw.githubusercontent.com/JaydeepGadhiya/laravel-guarddog/main/docs/console-output.png)

### HTML Security Report


[![HTML Report](https://raw.githubusercontent.com/JaydeepGadhiya/laravel-guarddog/main/docs/security-report.png)](https://raw.githubusercontent.com/JaydeepGadhiya/laravel-guarddog/main/docs/security-report.png)

---

🔍 Features
----------


GuardDog scans for the most common Laravel security vulnerabilities:

### Code-level checks


- 🛑 **Raw SQL injection risks** — `DB::statement()`, `DB::raw()`, and `whereRaw()` with variable interpolation
- 🛑 **Unescaped Blade output** — `{!! $userInput !!}` flagged for XSS
- 🛑 **Mass assignment vulnerabilities** — models missing `$fillable` or `$guarded`
- 🛑 **Unsafe `eval()`, `shell_exec()`, `exec()`, `system()` usage**
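
To make the raw-SQL check above concrete, here is an added stand-alone PHP script (not GuardDog's own code, whose detection rules are not shown on this page). It flags `DB::statement()`, `DB::raw()` and `whereRaw()` calls whose SQL string interpolates or concatenates a variable, and leaves the bound-parameter form alone. The function name `findRawSqlRisks`, the regexes and the sample lines are assumptions constructed for this example.

```php
<?php
// Added example, not GuardDog's code: a line-based heuristic for raw SQL
// built from variables. It shows the pattern such a check hunts for and the
// bound-parameter form that must pass. Names and samples are constructed.

/** @return array<int, array{line: int, code: string}> */
function findRawSqlRisks(string $source): array
{
    // Sinks named in the feature list: DB::statement(), DB::raw(), whereRaw().
    $sink = '(?:DB::(?:statement|raw)|whereRaw)\s*\(\s*';
    $patterns = [
        // Interpolation: "... $var ..." or "... {$var} ..." (double quotes only;
        // PHP does not expand variables inside single-quoted strings).
        '/' . $sink . '"[^"]*\$\w/',
        // Concatenation: '...' . $var or "..." . $var
        '/' . $sink . '([\'"]).*?\1\s*\.\s*\$\w/',
    ];

    $findings = [];
    foreach (explode("\n", $source) as $index => $line) {
        foreach ($patterns as $pattern) {
            if (preg_match($pattern, $line) === 1) {
                $findings[] = ['line' => $index + 1, 'code' => trim($line)];
                break; // one finding per line is enough
            }
        }
    }
    return $findings;
}

// Constructed sample: lines 1-3 build SQL from variables, lines 4-6 do not.
$sample = <<<'SAMPLE'
DB::statement("DELETE FROM users WHERE id = $id");
User::whereRaw("email = '{$email}'")->first();
$query->orderBy(DB::raw('FIELD(status, ' . $order . ')'));
DB::statement('DELETE FROM users WHERE id = ?', [$id]);
User::whereRaw('email = ?', [$email])->first();
User::where('email', $email)->first();
SAMPLE;

foreach (findRawSqlRisks($sample) as $finding) {
    printf("line %d: %s\n", $finding['line'], $finding['code']);
}
```

A line-based regex misses calls split across lines and SQL assembled in a variable beforehand, so treat it as an illustration of the pattern only.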

### Configuration checks


- ⚠️ **`APP_DEBUG=true` in production**
- ⚠️ **Weak or missing `APP_KEY`**
- ⚠️ **Default database credentials**
- ⚠️ **`.env` accidentally committed to git**
- ⚠️ **Session/cookie security flags** (`SESSION_SECURE_COOKIE`, `SameSite`)

### Routes & middleware

- 🚧 **Routes missing `auth` middleware**
- 🚧 **CSRF exclusions** in `VerifyCsrfToken`
- 🚧 **Overly permissive CORS configuration**

### Dependencies


- 📦 **Outdated packages with known CVEs** (via Packagist advisories)
- 📦 **Composer `minimum-stability` set to dev**

> Don't see a check you need? [Open an issue](https://github.com/JaydeepGadhiya/laravel-guarddog/issues) — new checks ship regularly.

---

📋 Example Report
----------------


```
╔══════════════════════════════════════════════════════════╗
║         🐕 Laravel GuardDog Security Report              ║
╚══════════════════════════════════════════════════════════╝

  Files scanned:   142
  Issues found:    5
  Security Score:  83 / 100  (Good)

  ● CRITICAL: 1     ● WARNING: 3     ● NOTICE: 1
──────────────────────────────────────────────────────────

  CRITICAL  Raw SQL with variable interpolation in DB::statement()
            File: app/Repositories/UserRepository.php:54

  WARNING   Route without auth middleware
            File: routes/web.php:23

──────────────────────────────────────────────────────────
  Full HTML report: public/security-report.html

```

The HTML report includes per-issue remediation guidance, code snippets, and a shareable score badge.

---

🤖 Continuous Integration
------------------------


Fail your CI build when GuardDog finds critical issues:

```
# .github/workflows/security.yml
- name: Run GuardDog security scan
  run: php artisan guarddog:scan --no-html --fail-on=critical
```

GitLab, CircleCI, and Bitbucket Pipelines work the same way — just call the artisan command in your job.

---

⚙️ Configuration
----------------


After publishing the config (`config/guarddog.php`), you can:

- **Disable specific checks** you don't care about
- **Set severity thresholds** for CI failure
- **Exclude paths** (e.g. `vendor/`, `database/seeders/`)
- **Customize the HTML report** title, logo, and theme

```
return [
    'enabled_checks' => [
        'sql_injection',
        'unescaped_blade',
        'mass_assignment',
        'debug_mode',
        // ...
    ],

    'exclude_paths' => [
        'database/seeders',
        'database/factories',
    ],

    'fail_on' => 'critical', // critical | warning | notice
];
```

---

📊 Security Score
----------------


GuardDog scores your app from 0 to 100. Every issue subtracts points based on severity:

| Severity | Points lost | Examples |
| --- | --- | --- |
| 🔴 Critical | -15 | SQL injection, `eval()`, debug in prod |
| 🟡 Warning | -5 | Missing auth middleware, weak session config |
| 🔵 Notice | -1 | Style/best-practice nits |

A score of **80+** is good. **90+** is excellent. **100** means GuardDog found nothing — though no scanner catches everything, so manual review still matters.

---

❓ FAQ
-----


**How is this different from `enlightn/enlightn`?**
Enlightn is a fantastic, broader tool covering security, performance, and reliability. GuardDog is **security-focused, lightweight, and zero-config** — designed to drop into any project and run in seconds, with a beautiful report you can hand to a non-technical stakeholder. Use both together for the best coverage.

**Does GuardDog replace Roave Security Advisories?**
No — they complement each other. `roave/security-advisories` blocks installation of vulnerable packages at the Composer level. GuardDog scans **your application code** for vulnerabilities you wrote yourself.

**Will GuardDog catch every security issue?**
No static analyzer can. GuardDog catches a wide set of common Laravel-specific mistakes, but production security also requires manual code review, dependency scanning, penetration testing, and runtime protection. Treat GuardDog as one layer of defense.

**Does it send my code anywhere?**
No. GuardDog runs 100% locally. No telemetry, no phone-home, no external API calls.

**Can I add custom checks?**
Yes — GuardDog ships with an extensible check API. See the [Custom Checks guide](docs/custom-checks.md).

---

🤝 Contributing
--------------


If you've found a security issue, **please do not open a public issue**. Email `jaydeepgadhiya5699@gmail.com` directly.

---

Changelog
---------


See [CHANGELOG.md](CHANGELOG.md) for recent updates.

---

📜 License
---------


The MIT License (MIT). See [LICENSE.md](LICENSE.md).

---

**Built with ❤️ for the Laravel & Open Source community by [Jaydeep Gadhiya](https://github.com/JaydeepGadhiya)**

