Skip to content

jakzal/phpqa

Folders and files

NameName
Last commit message
Last commit date

Latest commit

d10723d Β· Oct 27, 2023
Dec 12, 2022
Dec 12, 2022
Dec 31, 2018
Jul 20, 2017
Jul 2, 2022
Sep 28, 2023
Jul 13, 2017
Dec 12, 2022
Oct 27, 2023

Repository files navigation

Static Analysis Tools for PHP

Docker image providing static analysis tools for PHP. The list of available tools and the installer are actually managed in the jakzal/toolbox repository.

Build Status Docker Pulls

Supported platforms and PHP versions

Docker hub repository: https://hub.docker.com/r/jakzal/phpqa/

Nightly builds: https://hub.docker.com/r/jakzal/phpqa-nightly/

Debian

  • latest, debian (Dockerfile)
  • 1.92.2, 1.92, 1.92.2-debian, 1.92-debian (Dockerfile)
  • 1.92.2-php8.0, 1.92-php8.0, php8.0-debian, php8.0 (Dockerfile)
  • 1.92.2-php8.1, 1.92-php8.1, php8.1-debian, php8.1 (Dockerfile)
  • 1.92.2-php8.2, 1.92-php8.2, php8.2-debian, php8.2 (Dockerfile)

Alpine

  • alpine (Dockerfile)
  • 1.92.2-alpine, 1.92-alpine, (Dockerfile)
  • 1.92.2-php8.0-alpine, 1.92-php8.0-alpine, php8.0-alpine (Dockerfile)
  • 1.92.2-php8.1-alpine, 1.92-php8.1-alpine, php8.1-alpine (Dockerfile)
  • 1.92.2-php8.2-alpine, 1.92-php8.2-alpine, php8.2-alpine (Dockerfile)

Legacy

These are the latest tags for PHP versions that are no longer supported:

Available tools

Name Description PHP 8.0 PHP 8.1 PHP 8.2
behat Helps to test business expectations βœ… βœ… βœ…
box Fast, zero config application bundler with PHARs ❌ βœ… βœ…
box-3 Fast, zero config application bundler with PHARs βœ… βœ… ❌
churn Discovers good candidates for refactoring βœ… βœ… βœ…
codeception Codeception is a BDD-styled PHP testing framework βœ… βœ… βœ…
composer Dependency Manager for PHP βœ… βœ… βœ…
composer-bin-plugin Composer plugin to install bin vendors in isolated locations βœ… βœ… βœ…
composer-normalize Composer plugin to normalize composer.json files βœ… βœ… βœ…
composer-require-checker Verify that no unknown symbols are used in the sources of a package. ❌ βœ… βœ…
composer-require-checker-3 Verify that no unknown symbols are used in the sources of a package. βœ… βœ… βœ…
composer-unused Show unused packages by scanning your code βœ… βœ… βœ…
dephpend Detect flaws in your architecture βœ… βœ… βœ…
deprecation-detector Finds usages of deprecated code βœ… βœ… βœ…
deptrac Enforces dependency rules between software layers ❌ βœ… βœ…
diffFilter Applies QA tools to run on a single pull request βœ… βœ… βœ…
ecs Sets up and runs coding standard checks βœ… βœ… βœ…
infection AST based PHP Mutation Testing Framework ❌ βœ… βœ…
larastan PHPStan extension for Laravel βœ… βœ… βœ…
local-php-security-checker Checks composer dependencies for known security vulnerabilities βœ… βœ… βœ…
parallel-lint Checks PHP file syntax βœ… βœ… βœ…
paratest Parallel testing for PHPUnit βœ… βœ… βœ…
pdepend Static Analysis Tool βœ… βœ… βœ…
pest The elegant PHP Testing Framework βœ… βœ… βœ…
phan Static Analysis Tool βœ… βœ… βœ…
phive PHAR Installation and Verification Environment βœ… βœ… βœ…
php-coupling-detector Detects code coupling issues βœ… βœ… βœ…
php-cs-fixer PHP Coding Standards Fixer βœ… βœ… βœ…
php-fuzzer A fuzzer for PHP, which can be used to find bugs in libraries by feeding them 'random' inputs βœ… βœ… βœ…
php-semver-checker Suggests a next version according to semantic versioning βœ… βœ… βœ…
phpa Checks for weak assumptions βœ… βœ… βœ…
phparkitect Helps to put architectural constraints in a PHP code base βœ… βœ… βœ…
phpat Easy to use architecture testing tool βœ… βœ… βœ…
phpbench PHP Benchmarking framework ❌ βœ… βœ…
phpca Finds usage of non-built-in extensions βœ… βœ… βœ…
phpcb PHP Code Browser βœ… βœ… βœ…
phpcbf Automatically corrects coding standard violations βœ… βœ… βœ…
phpcodesniffer-composer-install Easy installation of PHP_CodeSniffer coding standards (rulesets). βœ… βœ… βœ…
phpcov a command-line frontend for the PHP_CodeCoverage library ❌ βœ… βœ…
phpcpd Copy/Paste Detector βœ… βœ… βœ…
phpcs Detects coding standard violations βœ… βœ… βœ…
phpcs-security-audit Finds vulnerabilities and weaknesses related to security in PHP code βœ… βœ… βœ…
phpda Generates dependency graphs βœ… ❌ ❌
phpdd Finds usage of deprecated features βœ… βœ… βœ…
phpDocumentor Documentation generator ❌ βœ… βœ…
phpinsights Analyses code quality, style, architecture and complexity βœ… βœ… βœ…
phplint Lints php files in parallel βœ… βœ… βœ…
phploc A tool for quickly measuring the size of a PHP project βœ… βœ… βœ…
phpmd A tool for finding problems in PHP code βœ… βœ… βœ…
phpmetrics Static Analysis Tool βœ… βœ… βœ…
phpmnd Helps to detect magic numbers βœ… βœ… βœ…
phpspec SpecBDD Framework βœ… βœ… ❌
phpstan Static Analysis Tool βœ… βœ… βœ…
phpstan-banned-code PHPStan rules for detecting calls to specific functions you don't want in your project βœ… βœ… βœ…
phpstan-beberlei-assert PHPStan extension for beberlei/assert βœ… βœ… βœ…
phpstan-deprecation-rules PHPStan rules for detecting deprecated code βœ… βœ… βœ…
phpstan-doctrine Doctrine extensions for PHPStan βœ… βœ… βœ…
phpstan-ergebnis-rules Additional rules for PHPstan βœ… βœ… βœ…
phpstan-exception-rules PHPStan rules for checked and unchecked exceptions βœ… βœ… βœ…
phpstan-larastan Separate installation of phpstan for larastan βœ… βœ… βœ…
phpstan-phpunit PHPUnit extensions and rules for PHPStan βœ… βœ… βœ…
phpstan-strict-rules Extra strict and opinionated rules for PHPStan βœ… βœ… βœ…
phpstan-symfony Symfony extension for PHPStan βœ… βœ… βœ…
phpstan-webmozart-assert PHPStan extension for webmozart/assert βœ… βœ… βœ…
phpunit The PHP testing framework ❌ βœ… βœ…
phpunit-8 The PHP testing framework (8.x version) βœ… βœ… βœ…
phpunit-9 The PHP testing framework (9.x version) βœ… βœ… βœ…
pint Opinionated PHP code style fixer for Laravel βœ… βœ… βœ…
psalm Finds errors in PHP applications βœ… βœ… βœ…
psalm-plugin-doctrine Stubs to let Psalm understand Doctrine better βœ… βœ… βœ…
psalm-plugin-phpunit Psalm plugin for PHPUnit βœ… βœ… βœ…
psalm-plugin-symfony Psalm Plugin for Symfony βœ… βœ… βœ…
psecio-parse Scans code for potential security-related issues βœ… βœ… βœ…
rector Tool for instant code upgrades and refactoring βœ… βœ… βœ…
roave-backward-compatibility-check Tool to compare two revisions of a class API to check for BC breaks βœ… βœ… βœ…
simple-phpunit Provides utilities to report legacy tests and usage of deprecated code βœ… βœ… βœ…
twig-lint Standalone cli twig 1.X linter βœ… βœ… βœ…
twig-linter Standalone cli twig 3.X linter βœ… βœ… βœ…
twigcs The missing checkstyle for twig! βœ… βœ… βœ…
yaml-lint Compact command line utility for checking YAML file syntax ❌ βœ… βœ…

More tools

Some tools are not included in the docker image, to use them refer to their documentation:

Removed tools

Name Summary
analyze Visualizes metrics and source code
box-legacy Legacy version of box
composer-normalize Composer plugin to normalize composer.json files
design-pattern Detects design patterns
parallel-lint Checks PHP file syntax
php-formatter Custom coding standards fixer
phpcf Finds usage of deprecated features
phpdoc-to-typehint Automatically adds type hints and return types based on PHPDocs
phpstan-localheinz-rules Additional rules for PHPstan
security-checker Checks composer dependencies for known security vulnerabilities
testability Analyses and reports testability issues of a php codebase

Running tools

Pull the image:

docker pull jakzal/phpqa

The default command will list available tools:

docker run -it --rm jakzal/phpqa

To run the selected tool inside the container, you'll need to mount the project directory on the container with -v "$(pwd):/project". Some tools like to write to the /tmp directory (like PHPStan, or Behat in some cases), therefore it's often useful to share it between docker runs, i.e. with -v "$(pwd)/tmp-phpqa:/tmp". If you want to be able to interrupt the selected tool if it takes too much time to complete, you can use the --init option. Please refer to the docker run documentation for more information.

docker run --init -it --rm -v "$(pwd):/project" -v "$(pwd)/tmp-phpqa:/tmp" -w /project jakzal/phpqa phpstan analyse src

You might want to tweak this command to your needs and create an alias for convenience:

alias phpqa='docker run --init -it --rm -v "$(pwd):/project" -v "$(pwd)/tmp-phpqa:/tmp" -w /project jakzal/phpqa:alpine'

Add it to your ~/.bashrc so it's defined every time you start a new terminal session.

Now the command becomes a lot simpler:

phpqa phpstan analyse src

Building the image

git clone https://github.com/jakzal/phpqa.git
cd phpqa
make build-debian

To build the alpine version:

make build-alpine

Cookbook

Please check out the cookbook for further tips & tricks.

Contributing

Please read the Contributing guide to learn about contributing to this project. Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.