I've tried a security scanner for Laravel, it had some good and some "false positive" findings.
Try Ward yourself here: https://github.com/Eljakani/ward

Support the channel by checking out my products:
- My Laravel courses: https://laraveldaily.com/courses
- Filament examples: https://filamentexamples.com

Other places to follow:
- My weekly Laravel newsletter: https://us11.campaign-archive.com/home/?u=a459401212599a54203d036ee&id=91c1337873
- My personal Twitter: https://twitter.com/povilaskorop

Laravel Daily

Ward is an open-source security scanner for Laravel projects, built in Go. It performs static analysis by scanning a Laravel project folder or Git repository and reports vulnerabilities across severity levels (critical, high, medium, low). A demo scan on a 7-month-old Laravel project found a critical LiveWire vulnerability, outdated dependencies, debug mode enabled, weak random number usage, potential SQL injection patterns, and missing route middleware. The tool surfaces some false positives — particularly around local dev environment settings and raw queries with parameterized inputs — and its usefulness for dependency scanning overlaps with existing tools like GitHub Dependabot and `composer outdated`. It supports custom rules via YAML configuration and has a terminal UI for browsing findings.

Ward: New Security Scanner for Laravel (written in Go)