
Status: Active · Type: Library · Category: [Security](/categories/security)

parallel-oss/laravel-compliance
===============================

Map Laravel code evidence to security requirements and generate compliance reports.

Latest version: v0.3.0 (released yesterday) · [4 PRs](https://github.com/parallel-oss/laravel-compliance/pulls) · License: MIT · PHP ^8.4 · CI: failing

On PHPackages since Jun 18 · Pushed yesterday · 1 watcher

[Source](https://github.com/parallel-oss/laravel-compliance) · [Packagist](https://packagist.org/packages/parallel-oss/laravel-compliance) · [Docs](https://github.com/parallel-oss/laravel-compliance) · [GitHub Sponsors](https://github.com/Parallel) · [RSS](/packages/parallel-oss-laravel-compliance/feed) · Default branch: main · Synced today


Laravel Compliance
==================


Badges: [Latest Version on Packagist](https://packagist.org/packages/parallel-oss/laravel-compliance) · [Tests](https://github.com/parallel-oss/laravel-compliance/actions?query=workflow%3Arun-tests+branch%3Amain) · [Code Style](https://github.com/parallel-oss/laravel-compliance/actions?query=workflow%3A%22Fix+PHP+code+style+issues%22+branch%3Amain) · [Total Downloads](https://packagist.org/packages/parallel-oss/laravel-compliance)

Laravel Compliance lets you map code-level evidence to curated, enum-backed controls and generated technical requirements. It does not claim that an annotation proves compliance; it gives teams a typed, reviewable way to connect implementation evidence to framework requirements, monitoring tests, and audit-friendly reports.

Installation
------------


You can install the package via composer:

```
composer require parallel-oss/laravel-compliance
```

You can publish the config file with:

```
php artisan vendor:publish --tag="laravel-compliance-config"
```

How It Works
------------


Application code is tagged with plain-English behavior controls:

```
#[Evidence(
    controls: ComplianceControl::CustomerDataDeletedUponLeaving,
    summary: 'Deletes user profile data and related records during account closure.',
)]
```

The package then maps that behavior through prepackaged local data:

```
CustomerDataDeletedUponLeaving
  -> internal source control: DCH-1
  -> framework controls: SOC2:C1.2, SOC2:CC6.5
  -> related monitoring tests, when available
```

Package users do not import remote data or generate enums before using the package. The raw source data has already been processed into local seed arrays under `resources/frameworks/vanta/data`:

- `frameworks.php`
- `framework-controls.php`
- `internal-controls.php`
- `tests.php`
- `integrations.php`
- `framework-control-internal-control.php`
- `internal-control-test.php`
- `integration-test.php`
- `test-entities.php`

These files are plain PHP arrays so downstream applications can seed their own database:

```
$frameworks = require base_path('vendor/parallel-oss/laravel-compliance/resources/frameworks/vanta/data/frameworks.php');
```
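To make the mapping chain concrete, here is an added example (not package code) that resolves one curated control to its internal control, framework controls and monitoring tests by joining pivot rows. The array shapes, ids and titles are constructed for illustration; the real seed files under `resources/frameworks/vanta/data` may be keyed differently.

```php
<?php
// Added example, not package code: resolve one curated control through the
// mapping chain above. Array shapes, ids and titles below are CONSTRUCTED for
// illustration; the real seed files under resources/frameworks/vanta/data may differ.
$frameworkControls = [
    'SOC2:C1.2'  => ['framework' => 'SOC2', 'title' => 'Constructed title for C1.2'],
    'SOC2:CC6.5' => ['framework' => 'SOC2', 'title' => 'Constructed title for CC6.5'],
];
$internalControls = ['DCH-1' => ['title' => 'Customer data deleted upon leaving']];
$tests = ['T-1' => ['title' => 'Constructed monitoring test for DCH-1']];
// Pivot rows, in the spirit of framework-control-internal-control.php and
// internal-control-test.php.
$frameworkControlInternalControl = [
    ['framework_control_id' => 'SOC2:C1.2',  'internal_control_id' => 'DCH-1'],
    ['framework_control_id' => 'SOC2:CC6.5', 'internal_control_id' => 'DCH-1'],
];
$internalControlTest = [['internal_control_id' => 'DCH-1', 'test_id' => 'T-1']];
// Enum case name -> internal source control id (assumed link held by the enum).
$caseToInternal = ['CustomerDataDeletedUponLeaving' => 'DCH-1'];

function resolveControl(string $case, array $caseToInternal, array $internalControls,
    array $fcic, array $ict, array $frameworkControls, array $tests): array
{
    $internalId = $caseToInternal[$case]
        ?? throw new InvalidArgumentException("No internal control mapped for $case");
    // Select the rows of a pivot table that point at this internal control.
    $pick = fn (array $rows, string $col) => array_column(
        array_filter($rows, fn ($r) => $r['internal_control_id'] === $internalId), $col);
    return [
        'control'            => $case,
        'internal_control'   => "$internalId: {$internalControls[$internalId]['title']}",
        'framework_controls' => array_map(fn ($id) => "$id: {$frameworkControls[$id]['title']}",
            $pick($fcic, 'framework_control_id')),
        // Empty when no monitoring test is linked ("when available").
        'monitoring_tests'   => array_map(fn ($id) => "$id: {$tests[$id]['title']}",
            $pick($ict, 'test_id')),
    ];
}

print_r(resolveControl('CustomerDataDeletedUponLeaving', $caseToInternal, $internalControls,
    $frameworkControlInternalControl, $internalControlTest, $frameworkControls, $tests));
```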

The public `ComplianceControl` enum is intentionally curated. It includes engineering-relevant behaviors for access, encryption, logging, monitoring, SDLC, vulnerability management, privacy engineering, vendors, and related security operations. It excludes policy-only, HR-only, physical-office, board, insurance, meeting-minute, and pure audit-placeholder controls from code-facing evidence.

LLM Agent Skills
----------------


This package publishes portable Agent Skills under `skills/` and advertises them through Composer metadata:

- `use-laravel-compliance`: how to annotate Laravel code with readable controls, mark gaps, choose controls, and produce reports.

Agents that support Composer-discovered skills can sync them from the package. Agents that read repository instruction files can use `AGENTS.md`.

For Cursor projects, publish the packaged skills into the current project:

```
php artisan laravel-compliance:publish-skills
```

This writes Cursor project skills to `.cursor/skills` using Cursor's expected directory format:

```
.cursor/skills/
└── use-laravel-compliance/
    ├── SKILL.md
    └── references/
        └── mapping-sources.md
```

Existing project skills are not overwritten unless you pass `--force`.

Usage
-----


Prefer control evidence when the code demonstrates behavior that may support multiple frameworks:

```
use App\Models\User; // assumed: the application's User model
use Parallel\Compliance\Controls\ComplianceControl;
use Parallel\Compliance\Evidence;
use Parallel\Compliance\EvidenceStatus;

class AccountClosureService
{
    #[Evidence(
        controls: ComplianceControl::CustomerDataDeletedUponLeaving,
        summary: 'Deletes user profile data and related records during account closure.',
        status: EvidenceStatus::Implemented,
    )]
    public function deleteUserData(User $user): void
    {
        // ...
    }
}
```

Use gap markers when the code path should have compliance-related behavior but does not yet. These markers do not appear in the evidence report and should not be treated as implemented controls:

```
use App\Models\User; // assumed: the application's User model
use Parallel\Compliance\ComplianceGap;
use Parallel\Compliance\Controls\ComplianceControl;

class AccountClosureService
{
    #[ComplianceGap(
        summary: 'Account closure does not delete billing export files.',
        controls: ComplianceControl::CustomerDataDeletedUponLeaving,
        remediation: 'Delete object storage exports during account closure.',
        owner: 'platform',
    )]
    public function closeAccount(User $user): void
    {
        // ...
    }
}
```
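The two annotations above are read back by reflection. This added example (not the package's own report generator) scans a class, collects `#[Evidence]` annotations and `#[ComplianceGap]` markers, and keeps them in separate buckets so a gap never surfaces as an implemented control; the one-case `ComplianceControl` enum declared at the top is a stand-in so the script runs without the package installed.

```php
<?php
// Added example, not the package's own report generator: reflect over a class,
// collect #[Evidence] annotations and #[ComplianceGap] markers, and keep them in
// separate buckets so a gap is never reported as an implemented control.
namespace Parallel\Compliance\Controls {
    // ASSUMPTION: one-case stand-in so this runs without the package installed.
    enum ComplianceControl: string {
        case CustomerDataDeletedUponLeaving = 'customer-data-deleted-upon-leaving';
    }
}
namespace App\Services {
    use Parallel\Compliance\ComplianceGap;
    use Parallel\Compliance\Controls\ComplianceControl;
    use Parallel\Compliance\Evidence;
    final class AccountClosureService {
        #[Evidence(controls: ComplianceControl::CustomerDataDeletedUponLeaving,
            summary: 'Deletes user profile data and related records during account closure.')]
        public function deleteUserData(int $userId): void {}
        #[ComplianceGap(controls: ComplianceControl::CustomerDataDeletedUponLeaving,
            summary: 'Account closure does not delete billing export files.',
            remediation: 'Delete object storage exports during account closure.', owner: 'platform')]
        public function closeAccount(int $userId): void {}
    }
}
namespace {
    function scanClass(string $class): array {
        $report = ['evidence' => [], 'gaps' => []]; $ref = new ReflectionClass($class);
        $targets = [[$class, $ref]];   // class-level first, then method-level attributes
        foreach ($ref->getMethods() as $m) { $targets[] = ["$class::{$m->name}()", $m]; }
        foreach ($targets as [$location, $reflector]) {
            foreach ($reflector->getAttributes() as $attr) {
                $bucket = match ($attr->getName()) {
                    'Parallel\Compliance\Evidence'      => 'evidence',
                    'Parallel\Compliance\ComplianceGap' => 'gaps',
                    default => null,
                };
                if ($bucket === null) { continue; }
                // getArguments() evaluates the arguments without loading the attribute class.
                $args = $attr->getArguments();
                $controls = is_array($args['controls']) ? $args['controls'] : [$args['controls']];
                $entry = ['location' => $location, 'summary' => $args['summary'],
                    'controls' => array_map(fn ($c) => $c->name, $controls)];
                if ($bucket === 'gaps') { $entry += ['remediation' => $args['remediation'], 'owner' => $args['owner']]; }
                $report[$bucket][] = $entry;
            }
        }
        return $report;
    }
    print_r(scanClass(App\Services\AccountClosureService::class));
}
```

Running it prints one entry under `evidence` for `deleteUserData()` and one under `gaps` for `closeAccount()`, which is the separation the gap report relies on.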

Control metadata and framework mappings are loaded from prepackaged local seed arrays. The enum stays small and ergonomic; source IDs, titles, descriptions, domains, framework controls, and related monitoring tests are implementation details that the report expands automatically.

You may still use direct requirement enums when your application already owns a technical requirement catalog:

```
use App\Compliance\Requirements\PasswordResetRequirement;
use Parallel\Compliance\Evidence;

#[Evidence(
    requirements: PasswordResetRequirement::TokensExpire,
    summary: 'Password reset uses signed, expiring tokens.',
    links: ['https://github.com/example/app/pull/123'],
)]
class ResetPasswordController
{
    #[Evidence(
        requirements: PasswordResetRequirement::TokensAreSingleUse,
        summary: 'Password reset tokens are single-use.',
    )]
    public function __invoke(): void
    {
        // ...
    }
}
```

The legacy `Parallel\Compliance\Compliance` attribute remains available as an alias, but new code should use `Evidence`.

Generate Reports
----------------


Generate a Markdown evidence report:

```
php artisan security:generate-report
```

Generate a Markdown gap report for missing compliance work:

```
php artisan security:find-gaps
```

Useful options:

```
php artisan security:generate-report \
    --path=app \
    --output=security-evidence-report.md

php artisan security:find-gaps \
    --path=app \
    --output=compliance-gap-report.md
```

Testing
-------


```
composer test
```

Changelog
---------


Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.

Contributing
------------


Please see [CONTRIBUTING](CONTRIBUTING.md) for details.

Security Vulnerabilities
------------------------


Please review [our security policy](../../security/policy) on how to report security vulnerabilities.

Credits
-------


- [Emaad Ali](https://github.com/emaadali)
- [All Contributors](../../contributors)

License
-------


The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

### Health Score

42 (Fair; better than 89% of packages)

- Maintenance: 100 (actively maintained with recent releases)
- Popularity: 4 (limited adoption so far)
- Community: 10 (small or concentrated contributor base)
- Maturity: 46 (maturing project, gaining track record)
- Bus factor: 1 (top contributor holds 66.7% of commits, a single point of failure)


### Release Activity

- Cadence: every ~0 days
- Total releases: 4
- Last release: 1d ago

### Community

- Maintainer: [parallel-oss](/maintainers/parallel-oss)
- Top contributors: [emaadali](https://github.com/emaadali) (20 commits), dependabot[bot] (5 commits), github-actions[bot] (5 commits)

Tags: laravel, security, owasp, compliance, evidence, laravel-compliance

### Code Quality

- Tests: Pest
- Static analysis: PHPStan
- Code style: Laravel Pint



PHPackages © 2026

