PHPackages raffaelecarelle/php-security-scanner - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. raffaelecarelle/php-security-scanner ActiveProject[Security](/categories/security) raffaelecarelle/php-security-scanner ==================================== A PHP security code analyzer that finds vulnerabilities and suggests fixes 11PHP Since Jul 18Pushed 9mo agoCompare [ Source](https://github.com/raffaelecarelle/php-security-scanner)[ Packagist](https://packagist.org/packages/raffaelecarelle/php-security-scanner)[ RSS](/packages/raffaelecarelle-php-security-scanner/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) PHP Security Code Analyzer ========================== [](#php-security-code-analyzer) A command-line tool that analyzes PHP code for security vulnerabilities and suggests how to fix them. Features -------- [](#features) - Detects common security vulnerabilities in PHP code: - SQL Injection - Cross-Site Scripting (XSS) - Command Injection - Provides detailed information about each vulnerability: - File path and line number - Code snippet - Description of the vulnerability - Severity level - Suggestions on how to fix the vulnerability - Supports multiple output formats: - Text (console-friendly with colors) - JSON - Can analyze individual files or entire directories recursively - Can save reports to a file Requirements ------------ [](#requirements) - PHP 7.4 or higher - Composer Installation ------------ [](#installation) ### Via Composer (recommended) [](#via-composer-recommended) ``` composer require security/code-analyzer ``` ### Manual Installation [](#manual-installation) 1. Clone the repository: ``` git clone https://github.com/yourusername/php-security-code-analyzer.git cd php-security-code-analyzer ``` 2. Install dependencies: ``` composer install ``` 3. Make the executable file executable: ``` chmod +x bin/security-analyzer ``` Usage ----- [](#usage) ### Basic Usage [](#basic-usage) Analyze a single file: ``` ./bin/security-analyzer analyze path/to/file.php ``` Analyze a directory recursively: ``` ./bin/security-analyzer analyze path/to/directory ``` ### Output Formats [](#output-formats) By default, the tool outputs a text report to the console. You can change the output format using the `--format` or `-f` option: ``` ./bin/security-analyzer analyze path/to/file.php --format=json ``` Supported formats: - `text` (default): Console-friendly text output with colors - `json`: JSON output ### Save Report to File [](#save-report-to-file) You can save the report to a file using the `--output` or `-o` option: ``` ./bin/security-analyzer analyze path/to/file.php --output=report.txt ``` ### Specify File Extensions [](#specify-file-extensions) By default, the tool analyzes files with the `.php` extension. You can specify additional file extensions using the `--extensions` or `-e` option: ``` ./bin/security-analyzer analyze path/to/directory --extensions=php,phtml,inc ``` ### Full Command Reference [](#full-command-reference) ``` Description: Analyze PHP code for security vulnerabilities Usage: analyze [options] [--] Arguments: path Path to the file or directory to analyze Options: -f, --format=FORMAT Output format (text, json) [default: "text"] -o, --output=OUTPUT Output file (if not specified, output to stdout) -e, --extensions=EXTENSIONS Comma-separated list of file extensions to analyze [default: "php"] -h, --help Display help for the given command ``` Examples -------- [](#examples) ### Analyze a Single File [](#analyze-a-single-file) ``` ./bin/security-analyzer analyze src/login.php ``` ### Analyze a Directory with Custom Extensions [](#analyze-a-directory-with-custom-extensions) ``` ./bin/security-analyzer analyze src --extensions=php,phtml,inc ``` ### Generate a JSON Report and Save to File [](#generate-a-json-report-and-save-to-file) ``` ./bin/security-analyzer analyze src --format=json --output=security-report.json ``` Architecture ------------ [](#architecture) The tool follows SOLID principles and Clean Code practices: - **Single Responsibility Principle**: Each class has a single responsibility - **Open/Closed Principle**: The tool is open for extension (new scanners, reporters) but closed for modification - **Liskov Substitution Principle**: Subtypes can be substituted for their base types - **Interface Segregation Principle**: Clients only depend on the interfaces they use - **Dependency Inversion Principle**: High-level modules depend on abstractions, not concrete implementations The main components are: - **Vulnerability**: Represents a security vulnerability found in the code - **Scanner**: Scans code for specific types of vulnerabilities - **Analyzer**: Coordinates the scanning process - **Reporter**: Generates reports in different formats Contributing ------------ [](#contributing) Contributions are welcome! Here's how you can contribute: 1. Fork the repository 2. Create a feature branch: `git checkout -b feature/my-new-feature` 3. Commit your changes: `git commit -am 'Add some feature'` 4. Push to the branch: `git push origin feature/my-new-feature` 5. Submit a pull request Testing ------- [](#testing) Run the tests using PHPUnit: ``` composer test ``` License ------- [](#license) This project is licensed under the MIT License - see the LICENSE file for details. ### Health Score 16 — LowBetter than 5% of packages Maintenance40 Moderate activity, may be stable Popularity4 Limited adoption so far Community6 Small or concentrated contributor base Maturity14 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/470d7f2b64c268ccd0d73d1d19da604f5049ffdc717170df28ac460d34b8a327?d=identicon)[raffaelecarelle](/maintainers/raffaelecarelle) --- Top Contributors [![raffaelecarelle](https://avatars.githubusercontent.com/u/15015792?v=4)](https://github.com/raffaelecarelle "raffaelecarelle (4 commits)") ### Embed Badge ![Health badge](/badges/raffaelecarelle-php-security-scanner/health.svg) ``` [![Health](https://phpackages.com/badges/raffaelecarelle-php-security-scanner/health.svg)](https://phpackages.com/packages/raffaelecarelle-php-security-scanner) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[roave/security-advisories Prevents installation of composer packages with known security vulnerabilities: no API, simply require it 2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41278.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 86917.5M63](/packages/bjeavons-zxcvbn-php)[enlightn/security-checker A PHP dependency vulnerabilities scanner based on the Security Advisories Database. 33732.2M110](/packages/enlightn-security-checker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)