marp | theme |
---|---|
true |
gaia |
Install tools through composer
Make sure PHP code can be parsed
composer require --dev jakub-onderka/php-parallel-lint
vendor/bin/parallel-lint src
composer require --dev sebastian/phpcpd
vendor/bin/phpcpd --min-tokens=5 src
Detect magic numbers AND strings
composer require --dev povils/phpmnd
vendor/bin/phpmnd src --no-interaction --non-zero-exit-on-violation --extensions=all
via composer
composer require --dev squizlabs/php_codesniffer
# PSR-2 rules
vendor/bin/phpcs --standard=PSR2 src/*
# Custom rules
vendor/bin/phpcs --standard=misc/phpcs.xml --parallel=4 src/*
Fix all the things
vendor/bin/phpcbf --standard=misc/phpcs.xml src/*
phpcsfixer (by Symfony)
via composer
composer require --dev friendsofphp/php-cs-fixer
vendor/bin/php-cs-fixer --config=misc/phpcsfixer.php fix --dry-run
via composer
composer require --dev phpmd/phpmd
# Base test
vendor/bin/phpmd src text cleancode,codesize,design,naming,unusedcode
# Custom rules
vendor/bin/phpmd src text misc/phpmd.xml
via composer
composer require --dev phan/phan
PHAN_DISABLE_XDEBUG_WARN=1 vendor/bin/phan --allow-polyfill-parser --config-file=misc/phan.php --output-mode=text --color
via composer
composer require --dev phpstan/phpstan
vendor/bin/phpstan analyse --configuration misc/phpstan.neon --no-progress
Psalm (by Vimeo)
via composer
composer require --dev vimeo/psalm
vendor/bin/psalm -c misc/psalm.xml --show-info=false --threads=4
Composer Library Security (by Symfony)
via composer
composer require --dev sensiolabs/security-checker
vendor/bin/security-checker security:check
via composer
composer require --dev phpmetrics/phpmetrics
vendor/bin/phpmetrics --report-html=tmp/phpmetrics src
List of tools:
- https://github.com/exakat/php-static-analysis-tools
- https://owasp.org/www-community/Source_Code_Analysis_Tools
Commercial tools:
- https://www.sonarsource.com/products/codeanalyzers/sonarphp.html
- https://www.exakat.io/
- https://www.ripstech.com/
GrumPhp Checking Git Commits
composer require --dev phpro/grumphp
Automatically checks on git commit