SensioLabs Security Check
GrumPHP
| | SensioLabs Security Check | GrumPHP |
|---|---|---|
| | 4 | 25 |
| Stars | 2,012 | 4,089 |
| Growth | 0.4% | 0.3% |
| Activity | 7.8 | 8.0 |
| | 9 days ago | about 1 month ago |
| Language | PHP | PHP |
| License | The Unlicense | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
SensioLabs Security Check
- PHP libraries and tools
Local PHP Security Checker: PHP security vulnerabilities checker
- Laravel Security Alerts
We use Snyk, but I have found Symfony's security checker to be the quickest to catch vulns: https://github.com/fabpot/local-php-security-checker
- Is Laravel still simple?
- Typosquatting Malware Found in Composer Repository
Yeah, see GitHub: https://github.com/FriendsOfPHP/security-advisories/issues/587. The source is also removed from https://github.com/robotchanchan/
GrumPHP
- PHP libraries and tools
GrumPHP: A PHP code-quality tool.
- Recommended Code Review Plugin for Github?
Depends on what you mean by plugin, but GrumPHP is a great tool. It registers a pre-commit git hook that runs whatever quality tools you've configured every time someone commits. If one of the checks fails, the commit is aborted. It's very easy to install and configure.
- Looking to build a code quality tool for Laravel - opinions wanted
- PHPUnit, do I need to learn it?
Sounds like you heard of GrumPHP
- Ideas for minimum PHP pipeline for a small team
- Ensure a beaut code with Laravel Pint
Of course, in this simple way, you will need to run the command before commits to ensure a correct code style. We can improve this by using a pre-commit hook, like GrumPHP: https://github.com/phpro/grumphp.
- A quality inspection hook installer
How does this compare to existing tools like GrumPHP or Captain Hook? Why should I use it instead?
Are you aware of GrumPHP?
- Is there a way to run commands before PHPStorm commits?
I use GrumPHP to run phplint, PHPStan, Easy Coding Standard (includes PHP-CS-Fixer) and PHPUnit. All four will automatically run before every commit, stopping any 'below standard' code from being committed. Example config file
- What are some helpful tools every Laravel CI pipeline should have?
Like valplet said: https://github.com/phpro/grumphp. But also: https://styleci.io/ integrates nicely with Git. For client-side code formatting check: https://prettier.io/
What are some alternatives?
HTML Purifier - Standards compliant HTML filter written in PHP
PHPStan - PHP Static Analysis Tool - discover bugs in your code without running it!
ZAP - The ZAP core project
PHP CS Fixer - A tool to automatically fix PHP Coding Standards issues
PHP IDS - PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application
PHP Code Sniffer - PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.
PHP SSH - An experimental object oriented SSH api in PHP
PHPCPD - Copy/Paste Detector (CPD) for PHP code.
IniScan - A php.ini scanner for best security practices
drupal-project - :rocket: Composer template for Drupal projects. Quick installation via "composer create-project drupal-composer/drupal-project"
AntiXSS - ㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP
PHP Mess Detector - PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well-known Java tool PMD. PHPMD can be seen as a user-friendly frontend application for the raw metrics stream measured by PHP Depend.