Free Laravel Security Scanner
Paste a public GitHub repo URL to get an instant security analysis. 40 framework-aware checks for mass assignment, SQL injection, XSS, CSRF bypasses, credential leaks, insecure dependencies, and more. Free, no signup required.
How the Laravel Security Scan Works
1. Clone & Parse
We shallow-clone your repo and parse PHP files into an AST using nikic/php-parser. No code is stored after the scan.
2. Run 40 Checks
Framework-aware static analysis checks for Laravel-specific vulnerabilities: Eloquent mass assignment, raw SQL injection, Blade XSS, route misconfigurations, and more.
3. Grade & Report
Each finding is scored by severity. Your project gets a letter grade (A through D) with specific remediation guidance for every issue found.
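To make the three steps concrete, here is an added example of what one of these framework-aware checks looks like when built on nikic/php-parser. It is not the scanner's own code: it parses a constructed sample controller into an AST, runs two checks (Eloquent mass assignment from `->all()`, and raw SQL built by concatenation or interpolation), and reduces the findings to a letter grade. It assumes nikic/php-parser 5.x installed via Composer; the severity-to-letter mapping, the sink method lists and the sample controller are all this example's own assumptions.

```php
<?php
// Added example (not the scanner's code): a miniature of steps 1-3 using nikic/php-parser.
// Assumes `composer require nikic/php-parser:^5` has been run in this directory.
require __DIR__ . '/vendor/autoload.php';

use PhpParser\Node;
use PhpParser\NodeTraverser;
use PhpParser\NodeVisitorAbstract;
use PhpParser\ParserFactory;

final class LaravelChecks extends NodeVisitorAbstract
{
    /** @var list<array{line:int,severity:string,message:string}> */
    public array $findings = [];

    // Eloquent methods that write attributes from an array (mass-assignment sinks). Assumed list.
    private const MASS_ASSIGN_SINKS = ['create', 'fill', 'forceFill', 'update', 'firstOrCreate', 'updateOrCreate'];
    // DB facade / query builder methods that accept raw SQL text. Assumed list.
    private const RAW_SQL_SINKS = ['raw', 'select', 'statement', 'unprepared', 'whereRaw', 'selectRaw', 'orderByRaw', 'havingRaw'];

    public function enterNode(Node $node)
    {
        // Only static calls (User::create) and method calls ($q->whereRaw) with a literal method name.
        if (!($node instanceof Node\Expr\StaticCall || $node instanceof Node\Expr\MethodCall)
            || !($node->name instanceof Node\Identifier)) {
            return null;
        }
        $method = $node->name->toString();

        foreach ($node->args as $arg) {
            if (!($arg instanceof Node\Arg)) {
                continue; // first-class callable syntax such as DB::select(...) has no real argument
            }
            // Check 1: mass assignment fed straight from the request via ->all().
            if (in_array($method, self::MASS_ASSIGN_SINKS, true) && $this->isAllCall($arg->value)) {
                $this->report($node, 'high', "$method() receives ->all(); allow-list fields with \$request->only([...]) or \$fillable");
            }
            // Check 2: raw SQL assembled by concatenation or string interpolation.
            if (in_array($method, self::RAW_SQL_SINKS, true) && $this->isDynamicString($arg->value)) {
                $this->report($node, 'critical', "$method() receives a dynamically built SQL string; pass values as bindings instead");
            }
        }
        return null;
    }

    private function isAllCall(Node\Expr $expr): bool
    {
        return $expr instanceof Node\Expr\MethodCall
            && $expr->name instanceof Node\Identifier
            && $expr->name->toString() === 'all';
    }

    private function isDynamicString(Node\Expr $expr): bool
    {
        // '...' . $x parses to Concat; "... {$x}" parses to InterpolatedString (php-parser 5 name).
        return $expr instanceof Node\Expr\BinaryOp\Concat
            || $expr instanceof Node\Scalar\InterpolatedString;
    }

    private function report(Node $node, string $severity, string $message): void
    {
        $this->findings[] = ['line' => $node->getStartLine(), 'severity' => $severity, 'message' => $message];
    }
}

// Step 3 in miniature: the worst severity decides the letter (this mapping is an assumption).
function letterGrade(array $findings): string
{
    $severities = array_column($findings, 'severity');
    if (in_array('critical', $severities, true)) return 'D';
    if (in_array('high', $severities, true))     return 'C';
    if ($severities !== [])                      return 'B';
    return 'A';
}

// Constructed sample controller standing in for a file from the cloned repo.
$sample = <<<'PHP'
<?php
namespace App\Http\Controllers;
use App\Models\User;
use Illuminate\Support\Facades\DB;
class UserController {
    public function store($request) {
        User::create($request->all());                                           // mass assignment
        DB::select("SELECT * FROM users WHERE name = '" . $request->name . "'"); // SQL injection (concat)
        DB::statement("DELETE FROM logs WHERE user_id = {$request->id}");        // SQL injection (interpolation)
        User::create($request->only(['name', 'email']));                         // safe: explicit allow-list
        DB::select('SELECT * FROM users WHERE id = ?', [$request->id]);          // safe: bound parameter
    }
}
PHP;

$ast = (new ParserFactory())->createForNewestSupportedVersion()->parse($sample);
$checks = new LaravelChecks();
$traverser = new NodeTraverser();
$traverser->addVisitor($checks);
$traverser->traverse($ast);

foreach ($checks->findings as $f) {
    printf("line %d [%s] %s\n", $f['line'], $f['severity'], $f['message']);
}
echo 'Grade: ', letterGrade($checks->findings), PHP_EOL;
```

Run it with `php check.php` after installing the dependency. The two checks are deliberately syntactic: matching any `->all()` call will also flag a `Collection::all()` result passed to `fill()`, and matching method names alone cannot tell `DB::select` from an unrelated class's `select`. A production check of the kind the scanner describes resolves the receiver's type (the `use` imports and facade aliases are visible in the same AST) before reporting, which is what keeps the false-positive rate down across 40 rules.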
Rate limited to 3 scans per hour. Results cached for 24 hours per commit SHA.