A package for manipulating `security.txt` documents in PHP 7+, based on configuration settings. https://securitytext.org/

PHP 7+ security.txt Package


A package for manipulating security.txt documents in PHP 7+, based on configuration settings.

The purpose of this project is to create a set-it-and-forget-it package that can manipulate documents following the current security.txt spec. It is therefore highly opinionated but built for configuration.

security.txt is a draft "standard" which allows websites to define security policies. This "standard" sets clear guidelines for security researchers on how to report security issues, and allows bug bounty programs to define a scope. Security.txt is the equivalent of robots.txt, but for security issues.

There is documentation for php-security-txt online, the source of which is in the docs/ directory. The most logical place to start is the docs for the SecurityTxt class.

Installation

Step 1: Composer

Via Composer command line:

$ composer require austinheap/php-security-txt

Or add the package to your composer.json:

{
    "require": {
        "austinheap/php-security-txt": "0.3.*"
    }
}

Step 2: Manipulate a security.txt document

To programmatically create a security.txt document, you could do:

require_once 'vendor/autoload.php';

$writer = new \AustinHeap\Security\Txt\Writer;

print $writer->setContact('me@austinheap.com')
             ->setEncryption('http://some.url/pgp.key')
             ->setDisclosure('full')
             ->setAcknowledgement('http://some.url/acks')
             ->getText();

Which should output:

# Our security address
Contact: me@austinheap.com

# Our PGP key
Encryption: http://some.url/pgp.key

# Our disclosure policy
Disclosure: Full

# Our public acknowledgement
Acknowledgement: http://some.url/acks

#
# Generated by "php-security-txt" v0.3.2 (https://github.com/austinheap/php-security-txt/releases/tag/v0.3.2)
# in 0.041008 seconds on 2017-10-26 20:31:25.
#
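
A generated document can be linted before it is published. The following is an added example, not part of php-security-txt: `lintSecurityTxt()` is a hypothetical helper, and its rules are assumptions (Contact is required, only the four fields shown above are recognised, and plain `http://` values are flagged because a key or policy fetched over plaintext can be altered in transit).

```php
<?php
// Added example: lint a security.txt document before publishing it.
// Field names follow the sample output on this page; the rules are assumptions.
function lintSecurityTxt(string $text): array
{
    $known = ['contact', 'encryption', 'disclosure', 'acknowledgement'];
    $fields = [];
    $findings = [];

    foreach (preg_split('/\R/', $text) as $i => $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue; // blank lines and comments carry no directives
        }
        if (!preg_match('/^([A-Za-z-]+):\s*(.+)$/', $line, $m)) {
            $findings[] = sprintf('line %d: not a "Field: value" directive', $i + 1);
            continue;
        }
        $name = strtolower($m[1]);
        $fields[$name][] = $m[2];
        if (!in_array($name, $known, true)) {
            $findings[] = sprintf('line %d: unknown field "%s"', $i + 1, $m[1]);
        }
        if (stripos($m[2], 'http://') === 0) {
            $findings[] = sprintf('line %d: %s points at a plain HTTP URL', $i + 1, $m[1]);
        }
    }
    if (empty($fields['contact'])) {
        $findings[] = 'missing Contact field';
    }
    return $findings;
}

// Constructed sample, modelled on the generated output shown above.
$sample = <<<TXT
# Our security address
Contact: me@austinheap.com

Encryption: http://some.url/pgp.key
Disclosure: Full
Acknowledgement: http://some.url/acks
TXT;

foreach (lintSecurityTxt($sample) as $finding) {
    echo $finding, PHP_EOL;
}
```

An empty result from `lintSecurityTxt()` means none of these checks fired; it does not mean the document conforms to the security.txt draft.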

Unit Tests

This package has aggressive unit tests built with PHPUnit.

There are code coverage reports for php-security-txt available online.

Credits

This is a fork of austinheap/laravel-security-txt, which was a fork of InfusionWeb/laravel-robots-route, which was a fork of ellisthedev/laravel-5-robots, which was a fork of jayhealey/Robots, which was based on earlier work.

License

The MIT License (MIT). Please see License File for more information.