The purpose of this project is to create a set-it-and-forget-it package that can manipulate documents following the current security.txt spec. It is therefore highly opinionated but built for configuration.
security.txt is a draft "standard" which allows websites to define security policies. This "standard" sets clear guidelines for security researchers on how to report security issues, and allows bug bounty programs to define a scope. Security.txt is the equivalent of robots.txt, but for security issues.
There is documentation for php-security-txt online, the source of which is in the docs/ directory. The most logical place to start is the docs for the SecurityTxt class.
Via Composer command line:

```bash
$ composer require austinheap/php-security-txt
```
Or add the package to your composer.json:

```json
{
    "require": {
        "austinheap/php-security-txt": "0.3.*"
    }
}
```
To programmatically create a security.txt document, you could do:

```php
<?php
// Load Composer's autoloader so the package classes resolve.
require_once 'vendor/autoload.php';

$writer = new \AustinHeap\Security\Txt\Writer;

// Set each directive through the fluent interface, then render the document.
print $writer->setContact('me@austinheap.com')
             ->setEncryption('http://some.url/pgp.key')
             ->setDisclosure('full')
             ->setAcknowledgement('http://some.url/acks')
             ->getText();
```
Which should output:

```
# Our security address
Contact: me@austinheap.com
# Our PGP key
Encryption: http://some.url/pgp.key
# Our disclosure policy
Disclosure: Full
# Our public acknowledgement
Acknowledgement: http://some.url/acks
#
# Generated by "php-security-txt" v0.3.2 (https://github.com/austinheap/php-security-txt/releases/tag/v0.3.2)
# in 0.041008 seconds on 2017-10-26 20:31:25.
#
```
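To check a generated document before publishing it, the output format shown above can be parsed back into directives and linted. The following is an added example, not part of php-security-txt: the helper names `parseSecurityTxt()` and `checkSecurityTxt()` are hypothetical, and the HTTPS requirement is a policy choice of this example rather than something the package enforces.

```php
<?php
// Added example, independent of php-security-txt. parseSecurityTxt() and
// checkSecurityTxt() are hypothetical helper names.
/** Split a security.txt body into directives, skipping "#" comment lines. */
function parseSecurityTxt(string $text): array
{
    $fields = [];
    foreach (preg_split('/\r\n|\r|\n/', $text) as $n => $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue; // blank line or comment
        }
        // Split on the first colon only, so URL values keep their "://".
        $parts = explode(':', $line, 2);
        if (count($parts) !== 2 || trim($parts[0]) === '') {
            throw new InvalidArgumentException('Line ' . ($n + 1) . ' is not "Name: value"');
        }
        $fields[strtolower(trim($parts[0]))][] = trim($parts[1]);
    }
    return $fields;
}

/** Return a list of problems; an empty list means every check passed. */
function checkSecurityTxt(array $fields): array
{
    $problems = empty($fields['contact']) ? ['no Contact directive'] : [];
    // Policy choice of this example: links must be valid URLs served over HTTPS.
    foreach (['encryption', 'acknowledgement'] as $name) {
        foreach ($fields[$name] ?? [] as $url) {
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            if (filter_var($url, FILTER_VALIDATE_URL) === false) {
                $problems[] = "$name is not a URL: $url";
            } elseif ($scheme !== 'https') {
                $problems[] = "$name is not served over HTTPS: $url";
            }
        }
    }
    return $problems;
}

// Constructed sample: the directive lines from the output shown above.
$sample = "# Our security address\nContact: me@austinheap.com\n"
        . "# Our PGP key\nEncryption: http://some.url/pgp.key\n"
        . "# Our disclosure policy\nDisclosure: Full\n"
        . "# Our public acknowledgement\nAcknowledgement: http://some.url/acks\n";

foreach (checkSecurityTxt(parseSecurityTxt($sample)) as $problem) {
    echo $problem, PHP_EOL;
}
```

The sample's `http://` links are flagged because a PGP key fetched over plain HTTP can be replaced in transit, which defeats the purpose of publishing an encryption key for reports.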
This package has aggressive unit tests built with PHPUnit. There are code coverage reports for php-security-txt available online.
- A Method for Web Security Policies (draft-foudil-securitytxt-00)
- laravel-security-txt
- securitytext.org
This is a fork of austinheap/laravel-security-txt, which was a fork of InfusionWeb/laravel-robots-route, which was a fork of ellisthedev/laravel-5-robots, which was a fork of jayhealey/Robots, which was based on earlier work.
- ellisio/laravel-5-robots Contributors
- InfusionWeb/laravel-robots-route Contributors
- austinheap/laravel-security-txt Contributors
The MIT License (MIT). Please see License File for more information.