Security scanner built for Laravel, detects misconfigurations, vulnerabilities, and exposed secrets with a beautiful TUI.

Laravel News

Ward is a Go-based command-line security scanner built specifically for Laravel projects. It parses Laravel's structure (routes, models, controllers, Blade templates, config files, env vars, dependencies) and runs four targeted scan engines: env-scanner, config-scanner, dependency-scanner (using live OSV.dev data), and a rules-scanner with 42 built-in rules covering secrets, injection, XSS, weak crypto, and more. It features a terminal UI, multiple output formats (JSON, SARIF, HTML, Markdown), CI/CD integration with exit-code gating, baseline management to track acknowledged findings, custom rule support, and scan history diffing.

Ward: A Security Scanner for Laravel

<p>I want the same for Symfony &amp; API Platform :D !!!</p>
