enlightn VS Psalm

Enlightn scans your code to check whether it follows best practices in performance, security, and reliability. It's a paid tool, but it also has free checks you can use. At the time of writing, it has 64 checks in the free version and 128 checks in the paid version. For the purposes of this article, we'll only be using the free version.

There are other tools out there, such as Enlightn and Dependabot, that help you to detect dependencies in your project with security vulnerabilities. But I'd like to think of these types of tools more as being "reactive". By that, I mean that they can alert you of vulnerable dependencies after you've installed them in your project. This can result in you introducing potential security holes into your applications without being aware at first. This is by no means a discredit to any of these types of tools though. Vulnerabilities are always being discovered in frameworks, packages, and libraries. So being able to detect them is a great way to stay on top of your project's security.

In this article, we're going to briefly look at different things to look out for when auditing your app's security, or adding new validation. We'll also look at how you can use "Enlightn" to detect potential mass assignment vulnerabilities.

Checkout laravel enlghtn, scans all dependencies, we have it wired for all prs and nightly on all code bases. https://www.laravel-enlightn.com/

you can also check https://www.laravel-enlightn.com

Uhh did you check the link? It's another product. The security checker is an independent package. The Enlightn Github repo is here and the security checker is here. Lol you were so busy criticizing about emojis, you don't even know what I was talking about.

Psalm is a static analysis tool for PHP. Much like PHPStan is to Larastan, Psalm has a plugin called Laravel Psalm that allows you to easily use it in Laravel projects.

Psalm: A static analysis tool for finding errors in PHP applications. Plugins: boesing/psalm-plugin-stringf: Psalm plugin to provide more details for sprintf, printf, sscanf and fscanf functions. hectorj/safe-php-psalm-plugin: vimeo/psalm plugin for thecodingmachine/safe. marartner/psalm-no-empty: Psalm plugin to detect usage of empty(). marartner/psalm-strict-equality: Psalm plugin to enforce strict equality. psalm/plugin-phpunit: A PHPUnit plugin for Psalm. psalm/plugin-symfony: Psalm Plugin for Symfony. weirdan/doctrine-psalm-plugin: Stubs to let Psalm understand Doctrine better. ghostwriter/psalm-plugin: Provides an ALL-IN-ONE plugin for Psalm

PHP 8 is the best version of PHP yet, and the main reason why it's so good is precisely because it got rid of a huge amount of ugly, legacy behavior.

Upgrading a codebase to PHP 8 is not an insurmountable task, I've upgraded our 1 million SLOC codebase at work in just a few weeks, with the help of tools like https://psalm.dev and our own strict coding standard.

Psalm is a static analysis tool specifically designed for PHP. It performs advanced type inference and checks for various types of errors, including type errors, undefined variables, incorrect function calls, and more. It provides comprehensive code analysis and helps improve code quality and maintainability. Documentation: You can find more information about Psalm, including installation instructions and usage details, in the official repository: Psalm Repository

vimeo/psalm

Static analysis - Psalm .