Free Laravel Security Scanner
Paste a public GitHub repo URL and get a full security report. 40 Laravel-aware checks covering mass assignment, SQL injection, XSS, CSRF bypasses, credential leaks, and insecure dependencies. Free, no signup required.
How the Laravel Security Scan Works
1. Clone & Parse
We shallow-clone your repo and parse its PHP files into an AST using nikic/php-parser. No source code is retained after the scan; only the resulting report is cached.
2. Run 40 Checks
Laravel-specific static analysis: Eloquent mass assignment, raw SQL injection, Blade XSS, CSRF bypasses, route misconfigurations, credential leaks, and insecure dependencies.
3. Grade & Report
Each finding is scored by severity. Your project gets a letter grade (A through D) with specific remediation guidance for every issue found.
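As an added illustration of the three steps above (this is example code written for this page, not the scanner's own source), here is a minimal Laravel-aware check built on nikic/php-parser v5. It parses a constructed PHP sample standing in for a cloned repo, flags an Eloquent model that sets $guarded = [] and raw SQL strings built from variables, then weights the findings into a letter grade. The method lists, severity weights and grade thresholds are assumptions for the example; the page does not publish the scanner's own rules.

```php
<?php
// Added example: a small Laravel-aware AST check, not the scanner's real code.
// Assumes nikic/php-parser v5 is installed: composer require nikic/php-parser
require __DIR__ . '/vendor/autoload.php';

use PhpParser\Node;
use PhpParser\NodeFinder;
use PhpParser\NodeTraverser;
use PhpParser\NodeVisitorAbstract;
use PhpParser\ParserFactory;

// Constructed sample input standing in for files from a cloned repo (nowdoc, so nothing interpolates here).
$sample = <<<'PHP'
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Facades\DB;

class User extends Model {
    protected $guarded = [];   // every column becomes mass-assignable
}

class UserRepo {
    public function find(string $email) {
        return DB::select("select * from users where email = '$email'");   // interpolated input
    }
    public function sorted(string $col) {
        return User::query()->orderByRaw('created_at ' . $col)->get();    // concatenated input
    }
    public function safe(string $email) {
        return DB::select('select * from users where email = ?', [$email]); // bound parameter
    }
}
PHP;

final class LaravelChecks extends NodeVisitorAbstract
{
    // Assumed lists for this example: query-builder methods and DB facade calls that take raw SQL.
    private const RAW_SQL_METHODS = ['whereRaw', 'orderByRaw', 'selectRaw', 'havingRaw', 'groupByRaw'];
    private const RAW_DB_STATICS  = ['raw', 'select', 'statement', 'unprepared'];

    public array $findings = [];
    private NodeFinder $finder;
    private bool $inModel = false;

    public function __construct() { $this->finder = new NodeFinder(); }

    public function enterNode(Node $node)
    {
        if ($node instanceof Node\Stmt\Class_) {
            $this->inModel = $node->extends !== null && $node->extends->getLast() === 'Model';
        }
        // Check 1: `protected $guarded = [];` on an Eloquent model disables the mass-assignment allowlist.
        if ($this->inModel && $node instanceof Node\Stmt\Property) {
            foreach ($node->props as $prop) {
                if ($prop->name->toString() === 'guarded'
                    && $prop->default instanceof Node\Expr\Array_
                    && $prop->default->items === []) {
                    $this->add('high', $node, 'Model sets $guarded = []; declare $fillable with an explicit column list');
                }
            }
        }
        // Check 2: raw SQL whose first argument is built from a variable (interpolation or concatenation).
        $arg = null;
        if ($node instanceof Node\Expr\StaticCall && $node->class instanceof Node\Name
            && $node->class->getLast() === 'DB' && $node->name instanceof Node\Identifier
            && in_array($node->name->toString(), self::RAW_DB_STATICS, true)) {
            $arg = $this->firstArg($node);
        } elseif ($node instanceof Node\Expr\MethodCall && $node->name instanceof Node\Identifier
            && in_array($node->name->toString(), self::RAW_SQL_METHODS, true)) {
            $arg = $this->firstArg($node);
        }
        if ($arg !== null && !($arg instanceof Node\Scalar\String_)
            && $this->finder->findFirstInstanceOf($arg, Node\Expr\Variable::class) !== null) {
            $this->add('critical', $node, 'SQL string built from a variable; use ? placeholders with bindings');
        }
        return null;
    }

    public function leaveNode(Node $node)
    {
        if ($node instanceof Node\Stmt\Class_) { $this->inModel = false; }
        return null;
    }

    private function firstArg(Node $call): ?Node\Expr
    {
        $a = $call->args[0] ?? null;                 // may be a VariadicPlaceholder for first-class callables
        return $a instanceof Node\Arg ? $a->value : null;
    }

    private function add(string $severity, Node $n, string $message): void
    {
        $this->findings[] = ['severity' => $severity, 'line' => $n->getStartLine(), 'message' => $message];
    }
}

// Step 3: weight findings by severity and map the total to a letter grade (thresholds are assumed).
function grade(array $findings): string
{
    $weights = ['critical' => 10, 'high' => 5, 'medium' => 2, 'low' => 1];
    $score = 0;
    foreach ($findings as $f) { $score += $weights[$f['severity']]; }
    return match (true) { $score === 0 => 'A', $score <= 4 => 'B', $score <= 12 => 'C', default => 'D' };
}

$parser = (new ParserFactory())->createForNewestSupportedVersion();
$traverser = new NodeTraverser();
$visitor = new LaravelChecks();
$traverser->addVisitor($visitor);
$traverser->traverse($parser->parse($sample));

foreach ($visitor->findings as $f) {
    printf("%-8s line %d: %s\n", $f['severity'], $f['line'], $f['message']);
}
echo 'Grade: ', grade($visitor->findings), PHP_EOL;
```

Run with php scan.php after composer install; the sample yields one high finding (the $guarded model) and two critical ones (the interpolated DB::select and the concatenated orderByRaw), while the parameterised safe() query is left alone. The raw-SQL rule is deliberately a syntactic heuristic: a variable holding a constant query string is also flagged, so a production scanner would add taint tracking from request input to cut that false-positive class.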
Rate limited to 3 scans per hour. Results are cached for 24 hours per commit SHA, so re-scanning an unchanged commit returns the cached report rather than consuming another scan.