magebean/magebean-cli
=====================

A CLI tool for Magento security audit by Magebean

v1.0.0 · MIT · PHP >=8.1 · [Source](https://github.com/magebean/magebean-cli) · [Packagist](https://packagist.org/packages/magebean/magebean-cli)

Magebean CLI — Magento 2 Security Audit
=======================================

Audit Magento 2 security, configuration, performance, and extensions from the command line. Generate actionable **HTML/JSON** reports and integrate with CI.

> **Goal**: “Audit in minutes. Know exactly what to fix and why.”

---

✨ Features
----------

- **Security Audit**: file permissions, PHP hardening, admin exposure, SQLi/XSS/SSRF surfaces.
- **Config Audit**: production mode, cache, Elasticsearch/OpenSearch, cron, logging/monitoring.
- **Performance Signals**: cache effectiveness, DB indexes, static assets, storefront anti‑patterns.
- **Extension Audit**: parse `composer.lock` to flag vulnerable/abandoned modules (CVE bundle optional).
- **Offline‑first**: runs locally; privacy by design.
- **CI‑friendly**: non‑zero exit codes on findings; JSON/SARIF outputs for pipelines.

---

📦 Requirements
--------------

- PHP **8.1+**
- Magento **2.4+** codebase to scan
- (Optional) CVE Bundle for vulnerability lookups

---

🚀 Install
---------

### Option 1: Use the packaged PHAR

```
# Download magebean.phar (example path)
curl -L -o magebean.phar https://magebean.com/files/magebean.phar
chmod +x magebean.phar
```

### Option 2: Local development (composer)

```
composer install
php bin/magebean list
```

---

🧪 Quick Start
-------------

```
# HTML report
./magebean.phar scan \
  --path=/var/www/magento \
  --format=html --output=report.html
```

**Supported formats**: `html` (default) | `json`

---

🖥️ CLI Output Template
----------------------

```
Magebean Security Audit v1.0    Target: /var/www/magento
Time: 2025-08-28 11:32    PHP: 8.2    Env: prod

⚠ CVE check skipped
  → Requires CVE Bundle (--cve-data=magebean-cve-bundle-YYYYMM.zip)
  → Visit https://magebean.com/downloads

Findings (5)
[CRITICAL] Magento core outdated — detected 2.4.3, latest 2.4.7-p1
[HIGH]     Admin route is default (/admin)
[HIGH]     Admin 2FA disabled
[MEDIUM]   Folder permission /pub/media is 777
[MEDIUM]   Full Page Cache disabled/misconfigured

Summary
Passed Rules: 76 / 81
Issues: 1 Critical, 2 High, 2 Medium

→ Report saved to report.html
Contact: support@magebean.com

```

---

📄 HTML Report
-------------

- **Summary** includes:
    - Completed time, audited path
    - **Rules Checked**: Total, Passed, Failed, **Score %**
    - **Findings Overview** *(counts **failed rules only**)* by severity: **Critical/High/Medium/Low**
- Table lists **both PASS and FAIL**, with colors:
    - ✅ PASS: green background
    - ❌ FAIL: red background

---

🔢 Exit Codes
------------

- `0` – no failed findings
- `1` – has `High`/`Medium`/`Low` failed findings
- `2` – has `Critical` failed findings

> Adjust policy in `ScanCommand` if your team prefers a different threshold.
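
A CI wrapper built on the exit codes listed above, as an added example that is not part of the Magebean project. It keeps the JSON report even when the scan returns non-zero and treats any status other than `0`, `1` or `2` as a scan error rather than a clean result; `MAGEBEAN_BIN`, `gate_decision` and `run_gate` are names assumed for this sketch.

```shell
#!/bin/sh
# Added example (not Magebean code): gate a CI job on the documented exit codes
#   0 = no failed findings, 1 = High/Medium/Low failed, 2 = Critical failed.
# MAGEBEAN_BIN, gate_decision and run_gate are names assumed for this sketch.

# gate_decision CODE [POLICY]
#   POLICY "any"      -> any failed finding fails the job (default)
#   POLICY "critical" -> only Critical findings fail the job; others warn
# Prints pass|warn|fail|error; returns 0 (pass/warn), 1 (fail), 3 (error).
gate_decision() {
  gd_code=$1
  gd_policy=${2:-any}
  case "$gd_policy" in
    any|critical) ;;
    *) echo error; return 3 ;;          # unknown policy: fail closed
  esac
  case "$gd_code" in
    0) echo pass; return 0 ;;
    1) if [ "$gd_policy" = critical ]; then echo warn; return 0; fi
       echo fail; return 1 ;;
    2) echo fail; return 1 ;;
    *) echo error; return 3 ;;          # crash or usage error is not a clean scan
  esac
}

# run_gate MAGENTO_ROOT [POLICY] [REPORT]
# Captures the scanner's exit status so a caller using `set -e` still keeps
# the JSON report, then applies the policy.
run_gate() {
  rg_path=$1
  rg_policy=${2:-any}
  rg_report=${3:-report.json}
  rg_code=0
  "${MAGEBEAN_BIN:-./magebean.phar}" scan --path="$rg_path" --format=json \
    > "$rg_report" || rg_code=$?
  rg_rc=0
  rg_verdict=$(gate_decision "$rg_code" "$rg_policy") || rg_rc=$?
  echo "magebean exit=$rg_code policy=$rg_policy verdict=$rg_verdict" >&2
  return "$rg_rc"
}

# Typical CI step:  run_gate /var/www/magento critical || exit 1
```

Archive the report file as a build artifact regardless of the verdict so failed runs can be triaged.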

---

⚙️ Command Options
------------------

| Option | Description | Default |
| --- | --- | --- |
| `--path` | Magento root to audit | current dir |
| `--format` | `html` \| `json` \| `sarif` | `html` |
| `--output` | Output file path | `report.html` |
| `--cve-data` | Path to CVE bundle (optional) | none |

---

🧩 Development
-------------

```
# run locally
php bin/magebean scan --path=/path/to/magento --format=html --output=report.html

# run with JSON for CI
php bin/magebean scan --path=/path --format=json > report.json
```

- Reporter templates: `resources/report-template.html`
- HTML reporter colors: `.status-pass` (green), `.status-fail` (red)
- Findings Overview counts **failures only**

---

🔐 Security
----------

Responsible disclosure: please email ****.

---

🗺️ Roadmap
----------

- Live CVE updates via Magebean Cloud API
- Additional controls & rule packs
- PDF export
- GitHub Action wrapper

---

📬 Contact
---------

- Email: ****
- Website: ****

---

License
-------

MageBean CLI is open-sourced software licensed under the [MIT license](./LICENSE).

- **Core CLI** → MIT licensed, free to use and extend.
- **CVE Data Bundle** → Proprietary, licensed separately.
- **Audit-as-a-Service** → Commercial offering.

This dual model ensures that the community benefits from a free baseline audit tool, while advanced vulnerability data and professional audit services remain sustainable.

