Enlightn v2.7 releases: Boost Your App’s Performance & Security

enlightn

Think of Enlightn as your performance and security consultant. Enlightn will “review” your code and server configurations, and give you actionable recommendations on improving performance, security, and reliability!

The Enlightn OSS (open source software) version has 61 automated checks that scan your application code, web server configurations, and routes to identify performance bottlenecks, possible security vulnerabilities, and code reliability issues.

Enlightn Pro (commercial) is available for purchase on the Enlightn website and has an additional 61 automated checks (a total of 122 checks).

Performance Checks (34 Automated Checks including 17 Enlightn Pro Checks)

• 🚀 Performance Quick Wins (In-Built In Laravel): Route caching, config caching, etc.
• ⏳ Performance Bottleneck Identification: Middleware bloat, identification of slow, duplicate and N+1 queries, etc.
• 🍽️ Serving Assets: Minification, cache headers, CDN and compression headers.
• 🎛️ Infrastructure Tuning: Opcache, cache hit ratio, unix sockets for single server setups, etc.
• 🛸 Choosing The Right Driver: Choosing the right session, queue and cache drivers for your app.
• 🏆 Good Practices: Separate Redis databases for locks, dont install dev dependencies in production, etc.

Security Checks (46 Automated Checks including 27 Enlightn Pro Checks)

• 🔒 Basic Security: Turn off app debug in production, app key, CSRF protection, login throttling, etc.
• 🍪 Cookie Security and Session Management: Cookie encryption, secure cookie attributes, session timeouts, etc.
• 🃏 Mass Assignment: Detection of mass assignment vulnerabilities, unguarded models, etc.
• ☢️ SQL Injection Attacks: Detection of raw SQL injection, column name SQL injection, validation rule injection, etc.
• 📜 Security Headers: XSS, HSTS, clickjacking and MIME protection headers.
• 📁 Unrestricted File Uploads and DOS Attacks: Detection of directory traversal, storage DOS, unrestricted file uploads, etc.
• 💉 Injection and Phishing Attacks: Detection of command injection, host injection, object injection, open redirection, etc.
• 📦 Dependency Management: Backend and frontend vulnerability scanning, stable and up-to-date dependency checks, licensing, etc.

Reliability Checks (42 Automated Checks including 17 Enlightn Pro Checks)

• 🧐 Code Reliability and Bug Detection: Invalid function calls, method calls, offsets, imports, return statements, syntax errors, etc.
• 💪 Health Checks: Health checks for cache, DB, directory permissions, migrations, disk space, symlinks, Redis, etc.
• ⚙️ Detecting Misconfigurations: Cache prefix, queue timeouts, failed job timeouts, Horizon provisioning plans, eviction policy, etc.
• 👻 Dead Routes and Dead Code: Detection of dead routes and dead/unreachable code.
• 🏅 Good Practices: Cache busting, Composer scripts, env variables, avoiding globals and superglobals, etc.

Changelog v2.7

Fixed

• Move to larastan/larastan and fix PHPStan breaking change (#170)

Install & Use

Copyright (c) Enlightn Software, Paras Malhotra