Skip to content

Commands

Jump to bottom
Jean-Marc Strauven edited this page Aug 1, 2025 · 1 revision

πŸ”§ Commands Reference

Laravel Safeguard provides several artisan commands for running security checks, managing rules, and generating reports. This comprehensive guide covers all available commands and their options.

πŸ” safeguard:check

Run security checks on your Laravel application.

Syntax

php artisan safeguard:check [options]

Options

Option Description Example Default
--env=ENVIRONMENT Specify environment to check --env=production Current environment
--format=FORMAT Output format (cli, json, html, junit) --format=json cli
--fail-on-error Exit with error code if rules fail --fail-on-error false
--ci CI-friendly output (no colors) --ci false
--env-rules Use environment-specific rules only --env-rules false
--severity=LEVEL Run only rules with specific severity --severity=critical All severities
--rules=RULES Run only specific rules --rules=app-key-is-set,csrf-enabled All enabled rules
--verbose Show detailed output --verbose false
--quiet Suppress output (except errors) --quiet false

Examples

# πŸ” Basic security check
php artisan safeguard:check

# 🌍 Check specific environment
php artisan safeguard:check --env=production

# 🎯 Use only environment-specific rules
php artisan safeguard:check --env=production --env-rules

# πŸ“Š Get JSON output for automation
php artisan safeguard:check --format=json

# πŸš€ CI/CD usage (no colors, fail on error)
php artisan safeguard:check --ci --fail-on-error

# 🚨 Check only critical issues
php artisan safeguard:check --severity=critical --fail-on-error

# 🎯 Run specific rules only
php artisan safeguard:check --rules=app-key-is-set,csrf-enabled

# πŸ“ Detailed output with recommendations
php artisan safeguard:check --verbose

# πŸ”‡ Silent mode (errors only)
php artisan safeguard:check --quiet --fail-on-error

Exit Codes

  • 0: All checks passed successfully
  • 1: One or more checks failed (only when using --fail-on-error)
  • 2: Configuration error or invalid arguments

Sample Output

CLI Format (default):

πŸ” Laravel Safeguard Security Check
═══════════════════════════════════════

Environment: production

βœ… APP_KEY is set
βœ… CSRF protection enabled
❌ APP_DEBUG is enabled in production
⚠️  Database connection not encrypted

═══════════════════════════════════════
🎯 2 issues found, 2 checks passed

JSON Format:

{
  \"status\": \"failed\",
  \"environment\": \"production\",
  \"timestamp\": \"2025-01-01T10:00:00Z\",
  \"checks\": [
    {
      \"rule\": \"app-key-is-set\",
      \"status\": \"passed\",
      \"severity\": \"critical\",
      \"message\": \"APP_KEY is properly set\"
    },
    {
      \"rule\": \"app-debug-false-in-production\",
      \"status\": \"failed\",
      \"severity\": \"critical\",
      \"message\": \"APP_DEBUG is enabled in production\",
      \"recommendations\": [\"Set APP_DEBUG=false in production .env file\"]
    }
  ],
  \"summary\": {
    \"total\": 10,
    \"passed\": 8,
    \"failed\": 1,
    \"warnings\": 1
  }
}

πŸ“‹ safeguard:list

Display all available security rules and their current status.

Syntax

php artisan safeguard:list [options]

Options

Option Description Example Default
--enabled Show only enabled rules --enabled Show all
--disabled Show only disabled rules --disabled Show all
--environment=ENV Show rules for specific environment --environment=production All environments
--severity=LEVEL Show rules with specific severity --severity=critical All severities
--format=FORMAT Output format (table, json, csv) --format=json table
--filter=PATTERN Filter rules by name pattern --filter=database No filter

Examples

# πŸ“‹ List all rules
php artisan safeguard:list

# βœ… List only enabled rules
php artisan safeguard:list --enabled

# ❌ List only disabled rules
php artisan safeguard:list --disabled

# 🌍 List rules for specific environment
php artisan safeguard:list --environment=production

# 🚨 List critical rules only
php artisan safeguard:list --severity=critical

# πŸ“Š JSON output for automation
php artisan safeguard:list --format=json

# πŸ” Filter rules by pattern
php artisan safeguard:list --filter=database

# πŸ“ CSV export
php artisan safeguard:list --format=csv > rules-export.csv

Sample Output

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ Rule ID                          β”‚ Status  β”‚ Severity    β”‚ Description                             β”‚
β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚ app-key-is-set                   β”‚ βœ… On   β”‚ critical    β”‚ Verifies that Laravel application...   β”‚
β”‚ app-debug-false-in-production    β”‚ βœ… On   β”‚ critical    β”‚ Ensures APP_DEBUG is false in...       β”‚
β”‚ csrf-enabled                     β”‚ βœ… On   β”‚ critical    β”‚ Ensures CSRF protection is enabled     β”‚
β”‚ no-secrets-in-code               β”‚ βœ… On   β”‚ critical    β”‚ Detects hardcoded secrets in...        β”‚
β”‚ database-connection-encrypted    β”‚ βœ… On   β”‚ critical    β”‚ Verifies database connections...        β”‚
β”‚ password-policy-compliance       β”‚ βœ… On   β”‚ critical    β”‚ Verifies password policy meets...      β”‚
β”‚ two-factor-auth-enabled          β”‚ ❌ Off  β”‚ warning     β”‚ Validates two-factor auth config...     β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

πŸ“Š Summary: 6 enabled, 1 disabled (7 total rules)

πŸ§ͺ safeguard:test-rule

Test individual security rules in isolation.

Syntax

php artisan safeguard:test-rule <rule-id> [options]

Arguments

Argument Description Required
rule-id The ID of the rule to test Yes

Options

Option Description Example Default
--env=ENVIRONMENT Environment context for testing --env=production Current environment
--verbose Show detailed test output --verbose false
--format=FORMAT Output format (cli, json) --format=json cli

Examples

# πŸ§ͺ Test a specific rule
php artisan safeguard:test-rule app-debug-false-in-production

# 🌍 Test rule in specific environment context
php artisan safeguard:test-rule database-connection-encrypted --env=production

# πŸ“ Detailed test output
php artisan safeguard:test-rule no-secrets-in-code --verbose

# πŸ“Š JSON output for automation
php artisan safeguard:test-rule csrf-enabled --format=json

Sample Output

πŸ§ͺ Testing Rule: app-debug-false-in-production
═══════════════════════════════════════════════

Environment: production
Severity: critical

βœ… Rule passed: APP_DEBUG is properly disabled in production

Execution time: 15ms
Memory usage: 2.1MB

πŸ—οΈ safeguard:make-rule

Generate a new custom security rule.

Syntax

php artisan safeguard:make-rule <name> [options]

Arguments

Argument Description Required
name Name of the rule class Yes

Options

Option Description Example Default
--path=PATH Custom path for the rule --path=app/Security/Rules app/SafeguardRules
--namespace=NAMESPACE Custom namespace --namespace=App\\Security\\Rules App\\SafeguardRules
--severity=LEVEL Default severity level --severity=critical error
--template=TYPE Rule template type --template=database basic

Examples

# πŸ—οΈ Create a basic custom rule
php artisan safeguard:make-rule CustomSecurityRule

# πŸ“ Create rule with custom path and namespace
php artisan safeguard:make-rule ApiSecurityRule \\
  --path=app/Security/Rules \\
  --namespace=App\\Security\\Rules

# 🚨 Create critical rule with template
php artisan safeguard:make-rule DatabaseSecurityRule \\
  --severity=critical \\
  --template=database

Sample Output

πŸ—οΈ Creating custom security rule...

βœ… Rule created successfully!

File: app/SafeguardRules/CustomSecurityRule.php
Namespace: App\\SafeguardRules

Next steps:
1. Implement the check() method
2. Add the rule to your config/safeguard.php
3. Test your rule with: php artisan safeguard:test-rule custom-security-rule

πŸ“Š safeguard:report

Generate comprehensive security reports.

Syntax

php artisan safeguard:report [options]

Options

Option Description Example Default
--format=FORMAT Report format (html, pdf, json, csv) --format=html html
--output=FILE Output file path --output=reports/security.html Auto-generated
--env=ENVIRONMENT Environment to report on --env=production All environments
--template=TEMPLATE Report template --template=executive detailed
--include-passed Include passed checks in report --include-passed false
--email=EMAIL Email report to address [email protected] No email

Examples

# πŸ“Š Generate HTML report
php artisan safeguard:report --format=html

# πŸ“§ Generate and email PDF report
php artisan safeguard:report --format=pdf [email protected]

# 🌍 Production environment report
php artisan safeguard:report --env=production --output=prod-security-report.html

# πŸ“ˆ Executive summary report
php artisan safeguard:report --template=executive --format=pdf

# πŸ“‹ Complete CSV export
php artisan safeguard:report --format=csv --include-passed --output=complete-audit.csv

πŸ”„ safeguard:cache

Manage security rule caching for improved performance.

Syntax

php artisan safeguard:cache [action] [options]

Actions

Action Description Example
clear Clear security rule cache php artisan safeguard:cache clear
rebuild Rebuild security rule cache php artisan safeguard:cache rebuild
status Show cache status php artisan safeguard:cache status

Examples

# πŸ—‘οΈ Clear cache
php artisan safeguard:cache clear

# πŸ”„ Rebuild cache
php artisan safeguard:cache rebuild

# πŸ“Š Check cache status
php artisan safeguard:cache status

πŸ“‹ safeguard:config

Manage Safeguard configuration.

Syntax

php artisan safeguard:config [action] [options]

Actions

Action Description Example
show Display current configuration php artisan safeguard:config show
validate Validate configuration file php artisan safeguard:config validate
export Export configuration php artisan safeguard:config export

Options

Option Description Example Default
--format=FORMAT Output format (json, yaml, php) --format=json json
--output=FILE Output file path --output=config-export.json STDOUT

Examples

# πŸ“‹ Show current configuration
php artisan safeguard:config show

# βœ… Validate configuration
php artisan safeguard:config validate

# πŸ“ Export configuration as JSON
php artisan safeguard:config export --format=json --output=safeguard-config.json

πŸ” Advanced Usage Patterns

Batch Operations

# Run multiple commands in sequence
php artisan safeguard:check --env=staging --fail-on-error && \\
php artisan safeguard:check --env=production --fail-on-error && \\
php artisan safeguard:report --format=html --output=weekly-report.html

Conditional Execution

# Only generate report if checks pass
php artisan safeguard:check --quiet --fail-on-error && \\
php artisan safeguard:report --format=pdf [email protected]

Scripted Automation

#!/bin/bash
# scripts/comprehensive-security-audit.sh

echo \"πŸ” Starting comprehensive security audit...\"

# Test individual critical rules first
for rule in \"app-key-is-set\" \"app-debug-false-in-production\" \"csrf-enabled\"; do
    php artisan safeguard:test-rule $rule --env=production
    if [ $? -ne 0 ]; then
        echo \"❌ Critical rule $rule failed\"
        exit 1
    fi
done

# Run full security check
php artisan safeguard:check --env=production --fail-on-error

# Generate reports
php artisan safeguard:report --env=production --format=html --output=security-report.html
php artisan safeguard:report --env=production --format=json --output=security-data.json

echo \"βœ… Security audit completed successfully\"

πŸ› Debugging Commands

Verbose Output

Add --verbose to any command for detailed debugging information:

php artisan safeguard:check --verbose
php artisan safeguard:test-rule app-key-is-set --verbose

Debug Mode

Enable Laravel's debug mode for additional debugging:

APP_DEBUG=true php artisan safeguard:check --verbose

Configuration Debugging

# Check if configuration is valid
php artisan safeguard:config validate

# Show current configuration
php artisan safeguard:config show

# List all available rules
php artisan safeguard:list --format=json

🎯 Best Practices

1. CI/CD Integration 

# Use appropriate flags for automation
php artisan safeguard:check --ci --fail-on-error --format=json

2. Environment-Specific Checks 

# Use environment-specific rules for accurate results
php artisan safeguard:check --env=production --env-rules

3. Progressive Security 

# Start with critical issues, then expand
php artisan safeguard:check --severity=critical --fail-on-error

4. Regular Reporting 

# Schedule regular comprehensive reports
php artisan safeguard:report --format=html [email protected]

5. Performance Optimization 

# Use caching for better performance
php artisan safeguard:cache rebuild

πŸ“š Related Documentation

Next Step: πŸ“Š Learn about output formats

🏠 Home | ⚑ Quick Start | βš™οΈ Configuration | πŸ“Š Output Formats

Laravel Safeguard - Configurable Security Checks for Laravel Applications

🏠 Home | πŸ“¦ Installation | ⚑ Quick Start | πŸ’‘ Examples | πŸ“š Full Docs

Made with ❀️ for the Laravel community

πŸ”— Additional Links

Β© 2025 - Laravel Safeguard by Grazulex

πŸ“š Laravel Safeguard Wiki

🏠 Home

πŸš€ Getting Started

πŸ“– Core Documentation

πŸ”§ Advanced Features

πŸ› οΈ Support & Help

πŸ“‹ Quick Links

Clone this wiki locally