To reduce the chance of introducing vulnerable dependencies into your projects, you can use tools such as "Roave Security Advisories" (roave/security-advisories).
There are other tools out there, such as Enlightn and Dependabot, that help you detect dependencies in your project with known security vulnerabilities. But I'd like to think of these types of tools more as being "reactive". By that, I mean that they alert you to vulnerable dependencies after you've already installed them in your project. This can result in you introducing potential security holes into your applications without being aware of it at first. This is by no means a criticism of these types of tools, though. Vulnerabilities are always being discovered in frameworks, packages, and libraries, so being able to detect them is a great way to stay on top of your project's security.
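The "proactive" side of this is simply a dev dependency in your own composer.json. The snippet below is an added illustration, not taken from the original post or from the Roave project; `vendor/example-package` is a placeholder name standing in for any real dependency.

```json
{
  "name": "acme/example-app",
  "require": {
    "php": "^8.1",
    "vendor/example-package": "^2.0"
  },
  "require-dev": {
    "roave/security-advisories": "dev-latest"
  },
  "config": {
    "sort-packages": true
  }
}
```

The roave/security-advisories package contains no code: its composer.json is just a `conflict` map of package names to version ranges with known advisories, so when `composer require` or `composer update` would resolve `vendor/example-package` to a version in one of those ranges, the solver reports a conflict and refuses to install it instead of installing it and warning you afterwards.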