shieldci/laravel
================

ShieldCI Laravel Package - Security and code quality analysis for Laravel applications

v1.6.10 · MIT · PHP ^8.1 · [Source](https://github.com/ShieldCI/laravel) · [Packagist](https://packagist.org/packages/shieldci/laravel) · [Docs](https://docs.shieldci.com)


ShieldCI Laravel Package
========================

[![ShieldCI terminal demo](https://raw.githubusercontent.com/ShieldCI/laravel/master/.github/assets/analyzer-terminal.gif)](https://raw.githubusercontent.com/ShieldCI/laravel/master/.github/assets/analyzer-terminal.gif)

Open-source AI-powered code quality analysis for Laravel applications with 73 comprehensive analyzers covering security, performance, reliability, code quality, and best practices.

Built on top of [`shieldci/analyzers-core`](https://github.com/ShieldCI/analyzers-core) (v1.x) - a shared, framework-agnostic foundation for static analysis tools.

Requirements
------------

- PHP 8.1 or higher
- Laravel 9.x, 10.x, 11.x, 12.x, 13.x

Architecture
------------

This package uses `shieldci/analyzers-core` for its core analyzer functionality, providing:

- Type-safe enums (Status, Category, Severity)
- Immutable value objects (Location, Issue, AnalyzerMetadata)
- Abstract base classes (AbstractAnalyzer, AbstractFileAnalyzer)
- AST parsing with nikic/php-parser
- Result formatters (JSON, Console)
- Comprehensive utilities (CodeHelper, FileParser)

Installation
------------

```
composer require shieldci/laravel
```

Configuration
-------------

Publish the configuration file:

```
php artisan vendor:publish --tag=shieldci-config
```

Usage
-----

Run the analysis:

```
php artisan shield:analyze
```

### Options

Run a specific analyzer:

```
php artisan shield:analyze --analyzer=sql-injection
```

Run analyzers by category:

```
php artisan shield:analyze --category=security
```

Output as JSON:

```
php artisan shield:analyze --format=json
```

Save report to file:

```
php artisan shield:analyze --output=report.json
```

### Advanced Features

#### Baseline Support (Gradual Adoption)

Generate a baseline to suppress existing issues and only catch new ones:

```
# Generate baseline from current state (all analyzers, respects config)
php artisan shield:baseline

# Generate baseline for CI mode (only CI-compatible analyzers)
php artisan shield:baseline --ci

# Merge with existing baseline
php artisan shield:baseline --merge

# Analyze against baseline (only NEW issues reported)
php artisan shield:analyze --baseline
```

#### CI Mode (Optimized for CI/CD)

Skip slow or network-dependent analyzers in CI/CD:

```
# Run in CI mode (only CI-compatible analyzers)
php artisan shield:analyze --ci
```

Whitelist/blacklist specific analyzers in `config/shieldci.php`:

```
'ci_mode_analyzers' => ['sql-injection', 'xss-vulnerabilities', 'csrf-protection'],
'ci_mode_exclude_analyzers' => ['vulnerable-dependencies', 'frontend-vulnerable-dependencies'],
```

#### Don't Report (Exit Code Control)

Run informational analyzers without failing CI:

```
// config/shieldci.php
'dont_report' => [
    'missing-docblock',    // Informational only
    'commented-code',      // Won't fail CI
],
```

#### Compact Output

Limit displayed issues per check:

```
# Show only 3 issues per check
SHIELDCI_MAX_ISSUES=3 php artisan shield:analyze
```

#### Environment-Aware Analyzers

Some analyzers are only relevant in specific environments. ShieldCI automatically handles multi-environment setups through environment mapping.

**Standard environments** (no configuration needed):

- `local` - Local development
- `development` - Development server
- `staging` - Staging/pre-production
- `production` - Production
- `testing` - Automated testing

**Custom environments** (configure mapping):

```
// config/shieldci.php
'environment_mapping' => [
    'production-us' => 'production',
    'production-eu' => 'production',
    'staging-preview' => 'staging',
    'prod-1' => 'production',
],
```

How it works:

- Analyzers declare which environments they're relevant for (e.g., `['production', 'staging']`)
- Custom environment names are automatically mapped to standard types
- Analyzers run only in their relevant environments

Example: AutoloaderOptimizationAnalyzer only runs in production/staging environments.
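
The resolution rules listed above, sketched as an added illustration (this is not code from ShieldCI's source). The function names are hypothetical, the deployed environment list is constructed sample data, and treating an unmapped custom name as matching no analyzer is an assumption used here to surface names that still need a mapping entry.

```php
<?php
// Added example, not ShieldCI code. All function and constant names are hypothetical.

const STANDARD_ENVIRONMENTS = ['local', 'development', 'staging', 'production', 'testing'];

/** Resolve an APP_ENV value to a standard type, or null if it cannot be resolved. */
function resolveEnvironment(string $env, array $mapping): ?string
{
    if (in_array($env, STANDARD_ENVIRONMENTS, true)) {
        return $env; // standard names need no mapping
    }
    $mapped = $mapping[$env] ?? null;
    // A mapping target that is not itself a standard type counts as unresolved.
    return in_array($mapped, STANDARD_ENVIRONMENTS, true) ? $mapped : null;
}

/** True when an analyzer declaring $relevant environments applies to $env. */
function analyzerRuns(array $relevant, string $env, array $mapping): bool
{
    $resolved = resolveEnvironment($env, $mapping);
    return $resolved !== null && in_array($resolved, $relevant, true);
}

/** Deployed environment names that resolve to no standard type. */
function unmappedEnvironments(array $deployed, array $mapping): array
{
    return array_values(array_filter(
        $deployed,
        fn (string $env): bool => resolveEnvironment($env, $mapping) === null
    ));
}

// Mapping copied from the config above; the deployed list is constructed sample data.
$mapping = [
    'production-us'   => 'production',
    'production-eu'   => 'production',
    'staging-preview' => 'staging',
    'prod-1'          => 'production',
];
$deployed = ['production-us', 'prod-1', 'prod-2', 'staging-preview', 'local'];
$relevant = ['production', 'staging']; // environments an analyzer declares

foreach ($deployed as $env) {
    $resolved = resolveEnvironment($env, $mapping) ?? '(unmapped)';
    $runs = analyzerRuns($relevant, $env, $mapping) ? 'yes' : 'no';
    printf("%-16s -> %-11s runs=%s\n", $env, $resolved, $runs);
}
print_r(unmappedEnvironments($deployed, $mapping));
```

Running a check like this against the `APP_ENV` values actually in use shows which custom names need an `environment_mapping` entry before production-only analyzers can be expected to apply to them.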

Available Analyzers
-------------------

ShieldCI includes **73 comprehensive analyzers** across five categories:

| Category | Count | Coverage |
|----------|-------|----------|
| Security | 22 | Complete OWASP Top 10 2021 |
| Performance | 18 | Optimize speed and efficiency |
| Reliability | 13 | Ensure stability and correctness |
| Code Quality | 5 | Improve maintainability |
| Best Practices | 15 | Laravel-specific patterns |

→ [Full Analyzer Reference](https://docs.shieldci.com/analyzers/) — all 73 analyzers with examples and fix guidance

Configuration Options
---------------------

See `config/shieldci.php` for all available configuration options.

### Fail Conditions

Configure when the analysis should fail:

```
'fail_on' => 'critical', // never, critical, high, medium, low
'fail_threshold' => 80,  // Minimum score to pass (0-100)
```

### Paths

Configure which paths to analyze:

```
'paths' => [
    'analyze' => ['app', 'config', 'database', 'routes'],
],

'excluded_paths' => [
    'vendor/*',
    'node_modules/*',
    'storage/*',
],
```

Creating Custom Analyzers
-------------------------

Quick example:

```
