Automated Code Reviews for PHP¶
Scrutinizer has the most advanced static analysis engine that is available for PHP code. It goes beyond simple style checks for whether you make use of certain language features. We track how data flows through your application to detect security issues, bugs, unused code, and much more.
Using Scrutinizer, you also benefit from the knowledge of thousands of PHP developers that are already using our service. Based on their behavior, Scrutinizer automatically learns which issues are likely to be false-positives and filters them for you providing you more useful results.
If you like, we also allow you to run certain open-source tools like PHP Code Sniffer to execute your own checks in case you have some already.
All analysis tools run in Scrutinizer's regular build environment. As a default, we configure Scrutinizer's own PHP analysis along with a minimal configuration of PHP CodeSniffer depending on the framework you are using.
As a convention, the analysis tools are placed in a separate node called
analysis, but you can use any
other name, too:
build: nodes: analysis: tests: override: - php-scrutinizer-run - phpcs-run
Configuring Third-party Tools¶
We automatically enable the checks that we believe are most useful for your project by default. In general, we support two different modes to fine-tune the configuration for many analysis tools.
In the first mode, we manage the tool configuration for you and you can select the checks from
the website config editor. This is supported for
some selected analysis tools and is signaled in the configuration by a
flag that needs to be set for a tool. For example for PHP CodeSniffer, it looks like this:
build: nodes: analysis: tests: override: - command: phpcs-run use_website_config: true # <- uses the website config
In the second mode, you take care of providing the tool specific configuration. This is generally
possible for all tools, even those where we do not provide any wrapper script like phpcs-run. For
PHP CodeSniffer, the
use_website_config: true would be absent in your configuration in that case,
and instead you need to provide a
phpcs.xml file as part of your repository.
build: nodes: analysis: tests: override: - command: phpcs-run --config phpcs.xml
Configuring Scrutinizer's Checks¶
Scrutinizer's own checks are not configured in a separate file, but also in your regular Scrutinizer configuration. The minimal configuration for PHP looks like this:
checks: php: true
This configuration can also be adjusted via the the website config editor.
By default, Scrutinizer will analyze all files ending with
.php in your project. If you have generated code, or dependencies
embedded in your project, or would like to exclude your tests from the analysis, this can be achieved easily:
filter: excluded_paths: - tests/*
Learn more about excluding files from the analysis.