Search
My Cart

integer-net / magento2-sansec-watch

integer-net/magento2-sansec-watch

Sansec Watch integration for Magento 2

  • Julian Nuß
magento2-module Compatibility: 2.4.7-2.4.8 Code Quality: Fail Tests: N/A Security: Pass MIT

IntegerNet_SansecWatch Module

This module allows the integration CSP rules from Sansec Watch (https://sansec.watch/) into Magento without the need for file manipulations and a re-deployment

Setup

composer require integer-net/magento2-sansec-watch
bin/magento module:enable IntegerNet_SansecWatch
bin/magento setup:upgrade

Configuration

The configuration can be found under Stores > Configuration > IntegerNet > Sansec Watch
Only the sansec watch project ID is needed, which can be found in the URL, if you navigate to https://sansec.watch/d/account/list and select a project
(e.g. 685769a2-38a4-4d06-a19a-67a528197f51)

How it works

The policies are fetched from the Sansec Watch API and saved into a database table (integernet_sansecwatch_policies)
When Magento collects the CSP rules, it uses the Magento\Csp\Model\CompositePolicyCollector class and this module adds
a collector to this class, which will read the policies from the database table and add them to the existing policies.

Once policies are fetched from Sansec Watch, the result will be hashed and further updates are only executed, if the
newly fetched policies differ from the existing ones. (This is handled via the entry integernet_sansecwatch in the flag table)

Full Page Cache (FPC)

After policies are updated (either by an updated list from sansec watch or by force), the FPC will be, depending on the configuration either cleared, invalidated or ignored.

Usage

Backend

Directly below the configuration is a button, Update Policies Now, which will fetch and update the policies on demand.
This will do a forced update, where rules are updated, even if the hashes of the old and new policies match.

Command Line

An update can be triggered via bin/magento integer-net:sansec-watch:update
This will by default only update the policies if the hashes of the old and new policies doesn't match.

A dry-run is possible by adding the --dry-run flag, which will only fetch and output the policies, but not update the
database table.

If an update should be force (regardless of the hashes), the --force flag can be added.

Cronjob

The policies are also fetched via the cronjob integernet_sansecwatch_update, which will run every hour (cron expression: 0 * * * *)
This will also only update the database, if the hashes of the old and new policies do not match

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

[1.1.1]

Fixed

  • Use heredoc instead of nowdoc to render scripts with the SecureHtmlRenderer (prevent problems with processed templates)

1.1.0

Added

  • Added policy search in the admin configuration.
  • Added sorting for the displayed policy list.
  • Added a German (de_DE) translation for admin texts.

Changed

  • Collapsed long policy lists by default in the admin UI.
  • Hid labels for informational fields that are not editable configuration values.
  • Made admin UI strings translatable.

Fixed

  • Added an explicit empty-state message when no policies are available.

1.0.12 - 2025-09-23

Changed

  • Memoized policy fetches to avoid repeated requests during a single update flow.
  • Disabled inline policies by default.

1.0.10 - 2025-02-20

Fixed

  • Sorted policies before calculating the change hash so identical policy sets no longer trigger incorrect update detection.

1.0.9 - 2025-02-14

Added

  • Added a status indicator for the report URI configuration.

Changed

  • Added compatibility with symfony/http-client 5.x.

Fixed

  • Prevented policies from being loaded when the module is disabled.

1.0.7 - 2024-12-02

Added

  • Added an admin action that links directly to the Sansec dashboard.
  • Added default button styling for the dashboard shortcut.

1.0.6 - 2024-11-30

Changed

  • Made the default Sansec policy fetch parameters configurable.
  • Stopped enabling strict-dynamic by default.

1.0.4 - 2024-11-17

Fixed

  • Resolved policy table names through Magento's ResourceConnection to improve compatibility with customized database table names.

1.0.3 - 2024-11-17

Changed

  • Added compatibility with symfony/http-client 7.

1.0.2 - 2024-11-05

Fixed

  • Added support for Magento installations that use database table prefixes.

1.0.1 - 2024-10-29

Changed

  • Changed the package license to MIT.

1.0.0 - 2024-10-18

Added

  • Initial release of the Magento integration for importing CSP policies from Sansec Watch.
  • Added scheduled and manual policy updates, including CLI support.
  • Added an admin policy list and backend timestamps for the last checks and updates.
  • Added full page cache handling after policy updates.
  • Added extension points for customizations.
Versions
Version Stability QA Status Compatibility Released
2.0.0-beta beta Not tested Not yet tested Details 2026-06-16 09:17:59
1.1.1 stable Fail Magento 2.4.7-2.4.8 Details 2026-05-11 09:52:01
1.1.0 stable Not tested Not yet tested Details 2026-04-03 17:43:06
1.0.12 stable Not tested Not yet tested Details 2025-09-23 10:44:09
1.0.11 stable Not tested Not yet tested Details 2025-03-12 15:32:10
1.0.10 stable Not tested Not yet tested Details 2025-02-20 10:34:09
1.0.9 stable Not tested Not yet tested Details 2025-02-14 14:46:59
1.0.8 stable Not tested Not yet tested Details 2024-12-09 09:07:35
1.0.7 stable Not tested Not yet tested Details 2024-12-02 11:02:18
1.0.6 stable Not tested Not yet tested Details 2024-11-30 12:42:45
1.0.5 stable Not tested Not yet tested Details 2024-11-18 12:49:30
1.0.4 stable Not tested Not yet tested Details 2024-11-17 18:44:00
1.0.3 stable Not tested Not yet tested Details 2024-11-17 18:16:44
1.0.2 stable Not tested Not yet tested Details 2024-11-05 12:02:23
1.0.1 stable Not tested Not yet tested Details 2024-10-29 08:43:40
1.0.0 stable Not tested Not yet tested Details 2024-10-04 11:40:38

Requires 8

Package Constraint
php >=8.1.0
beberlei/assert ^3.3
cuyz/valinor ^1.10
magento/framework >=100.0.0
magento/module-csp *
symfony/clock ^6.4
symfony/http-client ^5.0 || ^6.0 || ^7.0
symfony/uid ^6.2

Requires-dev 14

Package Constraint
bitexpert/phpstan-magento ^0.31.0
ergebnis/composer-normalize ^2.43
magento/magento-coding-standard ^38.0
php-parallel-lint/php-console-highlighter ^1.0
php-parallel-lint/php-parallel-lint ^1.4
phpstan/extension-installer ^1.4
phpstan/phpstan ^1.11
phpstan/phpstan-deprecation-rules ^1.2
phpstan/phpstan-phpunit ^1.4
phpstan/phpstan-strict-rules ^1.6
phpunit/phpunit ^10.5
rector/rector ^1.2
roave/security-advisories dev-latest
symplify/easy-coding-standard ^12.3

Compatibility

Each Magento release line is installed on its supported PHP versions, then the module is built (DI compilation + static-content deploy) and its unit and integration suites are run. The matrix shows the lines and PHP versions the module is confirmed to install and run on. Code-quality results further down (phpstan, phpcs, …) are reported separately and never affect compatibility.

Compatibility matrix (Magento × PHP)
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 Pass Pass
2.4.8 Pass Pass
2.4.9 Pass not tested

Code Quality

Advisory checks against the module's source. Static analysis runs once across the whole module; PHPStan re-runs per Magento + PHP version because resolvable symbols differ between releases. These NEVER affect the Compatibility badge — a phpcs finding can't make a module incompatible.

Static analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

Static analysis results
Tool Status Findings Summary
PHPCS Fail 164 6 errors, 158 warnings (ruleset: Magento2)
PHPMD Fail 6 6 rule violations (UnusedFormalParameter:4, MissingImport:2)
Cpd Pass 0
Composer validate Info 2 valid; 2 advisory notes (composer validate --strict)

PHPStan

Type-checks the module's PHP against a real Magento install at the configured gate level. Re-runs per Magento and PHP version because resolvable symbols differ between releases. Cell → details modal.

PHPStan results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 Pass Pass
2.4.8 Pass Pass
2.4.9 Pass N/A

Tests

Unit and integration suites, run for each applicable Magento and PHP version. A test failure speaks to the module's behaviour, not its compatibility with a Magento line, so it is reported here separately and never reddens the compatibility matrix.

Unit tests

Unit tests results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 N/A N/A
2.4.8 N/A N/A
2.4.9 N/A N/A

Integration tests

Integration tests results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 N/A N/A
2.4.8 N/A N/A
2.4.9 N/A N/A

Security

Security checks run directly against the module: an audit of its declared dependencies for known vulnerabilities (composer audit) and a scan of its source for malware and web-shell signatures. Each runs once. A malware detection fails the version outright.

Security results
Tool Status Findings Summary
Composer audit Pass 0
Malware scan Pass 0
License
MIT
Authors

More from integer-net

View vendor
integer-net/solr-magento2 Free
magento2-module
v1.7.1 6yr ago
0
integer-net/magento2-rewritemap Free
magento2-module

Generate RewriteMap files for Apache from Magento URL rewrites

v1.0.0-alpha 5yr ago
0
integer-net/magento2-health-check Free
magento2-component

Magento 2 Health Check

v1.1.0 7mo ago
0
integer-net/magento2-product-sale-attribute Free
magento2-module

Create an "is_sale" product attribute and update it automatically from the "price" and "special_price" attributes

v1.0.0 2yr ago
0
Make it pay

Turn an existing module into recurring revenue.

If you already maintain a Magento 2 module on GitHub or GitLab, listing it on Packagento takes about five minutes. We mirror your tags, handle distribution signing, and route paid licenses through Stripe Connect, so you can keep shipping the way you already do.

List your module