Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Security Advisories Health Check Laravel Package

spatie/security-advisories-health-check

Laravel Health check that queries Packagist security advisories for your installed PHP packages and reports known vulnerabilities. Supports retries, result caching via Laravel cache, and ignoring specific packages for cleaner health reports.


Product Decisions This Supports

  • Compliance & Risk Mitigation: Proactively integrate security vulnerability scanning into CI/CD pipelines or monitoring dashboards to align with SOC2, ISO 27001, or GDPR requirements.
  • DevOps & SRE Roadmap: Prioritize automated security checks as part of a shift-left security strategy, reducing manual audits and human error in dependency management.
  • Build vs. Buy: Justify adopting this lightweight, open-source solution over proprietary tools (e.g., Snyk, Dependabot) for teams with tight budgets or strict open-source policies.
  • Use Cases:
    • Pre-deployment gating: Fail builds if critical vulnerabilities are detected.
    • Incident response: Surface vulnerabilities in real-time via health check dashboards (e.g., Laravel Horizon, Grafana).
    • Vendor lock-in avoidance: Replace ad-hoc composer why-not commands with automated, actionable alerts.

When to Consider This Package

  • Adopt if:
    • Your Laravel app uses third-party PHP packages (e.g., laravel/framework, spatie/laravel-permission).
    • You lack dedicated security tooling but need compliance-ready vulnerability scanning.
    • Your team prefers open-source over SaaS tools (MIT license, no vendor lock-in).
    • You already use Laravel Health for other infrastructure checks (low integration friction).
  • Look elsewhere if:
    • You need deep code analysis (e.g., static analysis, SAST) → Use Psalm, PHPStan, or Snyk Code.
    • You require automated patching → Use Dependabot, Renovate, or GitHub Advanced Security.
    • Your stack is non-PHP (e.g., Node.js, Python) → Use language-specific tools.
    • You need enterprise features (e.g., SLAs, audit logs) → Evaluate Snyk, Veracode, or GitHub Advisory Database API.

How to Pitch It (Stakeholders)

For Executives: "This package adds a 5-minute security audit to our Laravel apps by scanning PHP dependencies for known vulnerabilities—like a free, automated ‘penetration test’ for your supply chain. It integrates seamlessly with our existing health checks, reducing compliance risk without hiring a security team. For example, if a critical flaw in monolog/monolog (CVE-2023-41199) emerges, we’ll catch it before it hits production. The cost? Zero—just a few lines of code. ROI? Fewer breaches, happier auditors."

For Engineering: "We’re adding a Laravel Health check that queries Packagist’s security advisories (GitHub/GitLab sources) to flag vulnerable dependencies. It’s lightweight (caches results by default), extensible (supports retries, custom thresholds), and plays nice with our existing monitoring. No API keys or SaaS—just MIT-licensed PHP. Use case: Fail CI if vulnerable: true is detected, or surface warnings in our dashboard. Zero maintenance overhead."
