PHPQS
PHP Quality & Security Analyser
Requirements
- composer
- php-cli
- node (list reports directories on browser; option --open)
Install
git clone https://github.com/7rin0/phpqs.git
cd phpqs
composer install
npm install
./phpqs path/to/yout/php/project
Options
Dependency detection
Each time the script ./phpqs
is execute it verifies that composer and node dependencies are already installed and if not it is done automatically
View reports through http server:
run: make open-reports
run checks with option "--open": ./phpqs path/to/yout/php/project --open
Use and explore a solo script only instead the fullstack
./bin/{pdepend|phpcbf|phpcpd|phpcs|phpdcd|phploc|phpmd} {options} {arguments}
i.e: ./bin/phpcs path/to/yout/php/project --report=xml --report-file=phpcs-report.xml
TODO
- Update phpqs to run phpmetrics
- Update phpqs to run Security Checker
- Implement OWASP_Code_Review_Project
Inside
This script combines security and quality 100% fuelled by the following great applications:
- pdepend "... shows you the quality of your design in the terms of extensibility, reusability and maintainability ..."
- phpmd "It takes a given PHP source code base and look for several potential problems within that source ..."
- phpcbf, phpcs "PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards."
- phpcpd "Copy/Paste Detector (CPD) for PHP code."
- phpdcd "It scans a PHP project for all declared functions and methods and reports those as being "dead code" that are not called at least once."
- phploc "A tool for quickly measuring the size of a PHP project."