Ship a GitHub Action for Laravel security scanning

## Problem

Teams using Larastan (or no static analysis) have no easy way to add Laravel-aware security scanning to their CI. The plugin requires manual Psalm setup, which is a barrier for security-only adoption.

## Proposal

Create a GitHub Action (e.g. `psalm/laravel-security-scan`) that runs taint analysis on Laravel projects with minimal config:

```yaml
- uses: psalm/laravel-security-scan@v1
```

It should:
- Install psalm + psalm-plugin-laravel
- Auto-detect Laravel project structure
- Run Psalm with taint analysis
- Report findings as PR annotations (via SARIF or inline comments)
- Fail the check on taint violations (configurable severity threshold)

## Why

- New distribution channel outside Packagist — GitHub Marketplace has its own discovery
- One-line setup lowers the adoption barrier dramatically
- Works alongside Larastan without conflict (complementary positioning)
- Every CI run = a composer install, growing the install base organically
- Proven model: Semgrep Action, Bearer Action, and Gitleaks Action all grew this way

## Prior art to study

- [semgrep/semgrep-action](https://github.com/semgrep/semgrep-action)
- [bearer/bearer-action](https://github.com/Bearer/bearer-action)
- [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ship a GitHub Action for Laravel security scanning #669

Problem

Proposal

Why

Prior art to study

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Ship a GitHub Action for Laravel security scanning #669

Description

Problem

Proposal

Why

Prior art to study

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions