{"id":13721387,"url":"https://github.com/SonarSource/sonar-php","last_synced_at":"2025-05-07T13:32:51.305Z","repository":{"id":3489027,"uuid":"4544982","full_name":"SonarSource/sonar-php","owner":"SonarSource","description":" :elephant: SonarPHP: PHP static analyzer for SonarQube \u0026 SonarLint","archived":false,"fork":false,"pushed_at":"2025-05-05T07:51:37.000Z","size":23200,"stargazers_count":404,"open_issues_count":2,"forks_count":106,"subscribers_count":51,"default_branch":"master","last_synced_at":"2025-05-05T08:38:00.376Z","etag":null,"topics":["code-quality","language-team","php","sonarqube","static-analysis","static-code-analysis"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SonarSource.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2012-06-04T08:36:12.000Z","updated_at":"2025-05-05T07:51:40.000Z","dependencies_parsed_at":"2023-02-14T16:31:04.392Z","dependency_job_id":"190ec070-1583-4d8a-8ac4-0835e68f6a6f","html_url":"https://github.com/SonarSource/sonar-php","commit_stats":{"total_commits":2611,"total_committers":85,"mean_commits":30.71764705882353,"dds":0.7575641516660283,"last_synced_commit":"d4adbb426b89c71d19696b8346ac91599da99d22"},"previous_names":["sonarcommunity/sonar-php"],"tags_count":86,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SonarSource%2Fsonar-php","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SonarSource%2Fsonar-php/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SonarSource%2Fsonar-php/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SonarSource%2Fsonar-php/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SonarSource","download_url":"https://codeload.github.com/SonarSource/sonar-php/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252886915,"owners_count":21819804,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-quality","language-team","php","sonarqube","static-analysis","static-code-analysis"],"created_at":"2024-08-03T01:01:16.441Z","updated_at":"2025-05-07T13:32:46.296Z","avatar_url":"https://github.com/SonarSource.png","language":"Java","readme":"# Code Quality and Security for PHP \n\n\u003cp align=\"center\"\u003e\n  \u003cimg alt=\"Cirrus CI - Task and Script Build Status\" src=\"https://img.shields.io/cirrus/github/SonarSource/sonar-php\"\u003e\n  \u003cimg alt=\"Quality Gate Status\" src=\"https://next.sonarqube.com/sonarqube/api/project_badges/measure?project=org.sonarsource.php%3Aphp\u0026metric=alert_status\"\u003e\n  \u003cimg alt=\"Coverage\" src=\"https://next.sonarqube.com/sonarqube/api/project_badges/measure?project=org.sonarsource.php%3Aphp\u0026metric=coverage\"\u003e\n  \u003cimg alt=\"Maven Central\" src=\"https://img.shields.io/maven-central/v/org.sonarsource.php/sonar-php-plugin\"\u003e\n  \u003cimg alt=\"GitHub\" src=\"https://img.shields.io/github/license/SonarSource/sonar-php\"\u003e\n\u003c/p\u003e\n\nThis SonarSource project is a [static code analyzer](https://en.wikipedia.org/wiki/Static_program_analysis) for PHP language used as an extension for the [SonarQube](https://www.sonarqube.org/) platform. It will allow you to produce stable and easily supported [Clean Code](https://www.sonarsource.com/solutions/clean-code/) by helping you find and correct bugs, vulnerabilities, and code smells.\n\n\n# Features\n* 200+ rules\n* Supports up to PHP 8.3\n* Metrics (complexity, number of lines, etc.)\n* Import of [unit test and coverage results](https://docs.sonarqube.org/latest/analysis/coverage/)\n* Support of [custom rules](https://docs.sonarqube.org/latest/analysis/languages/php/)\n\n# Useful links\n\n* [Project homepage](https://www.sonarsource.com/php/)\n* [Documentation](https://docs.sonarqube.org/latest/analysis/languages/php/)\n* [Issue tracking](https://jira.sonarsource.com/browse/SONARPHP)\n* [Available rules](https://rules.sonarsource.com/php)\n* [SonarSource Community Forum](https://community.sonarsource.com/)\n* [Demo project analysis](https://sonarcloud.io/dashboard?id=monica)\n\n# More documentation\n\n* [Control Flow Graph documentation](doc/CFG.md)\n\nHave questions or feedback?\n---------------------------\n\nTo provide feedback (request a feature, report a bug, etc.) use the [SonarSource Community Forum](https://community.sonarsource.com/). Please do not forget to specify the language (PHP!), plugin version, and SonarQube version.\n\nIf you have a question on how to use plugin (and the [docs](https://docs.sonarqube.org/latest/analysis/languages/php/) don't help you), we also encourage you to use the community forum.\n\n# Contributing\n\n### Topic in SonarSource Community Forum\n\nTo request a new feature, please create a new thread in [SonarSource Community Forum](https://community.sonarsource.com/). Even if you plan to implement it yourself and submit it back to the community, please start a new thread first to be sure that we can follow up on it.\n\n### Pull Request (PR)\nTo submit a contribution, create a pull request for this repository. Please make sure that you follow our [code style](https://github.com/SonarSource/sonar-developer-toolset) and that all [tests](#testing) are passing.\n\n### Custom Rules\nIf you have an idea for a rule but you are not sure that everyone needs it you can implement a [custom rule](https://docs.sonarqube.org/latest/analysis/languages/php/) available only for you.\n\n#### Custom Rules API Changes\n- **3.32** (October 2023)\n    * Additional `newIssue` endpoint added to the `CheckContext` API interface\n- **3.15** (January 2021)\n    * `PHPCustomRulesDefinition` was removed, it was deprecated since version 2.13 (March 2018)\n    * Removed dependency on sslr-squid-bridge which is not maintained anymore\n- **3.11**, support of PHP 8:\n    * `ParameterTree#type()` is deprecated. Use `ParameterTree#declaredType()` instead.\n    * `ReturnTypeClauseTree#type()` is deprecated. Use `ReturnTypeClauseTree#declaredType()` instead.\n    * `ClassPropertyDeclarationTree#typeAnnotation()` is deprecated. Use `ClassPropertyDeclarationTree#declaredType()` instead.\n    * `CatchBlockTree#variable()` can now return `NULL`.\n    * `FunctionCallTree#arguments()` is deprecated. Use `FunctionCallTree#callArguments()` instead.\n    * `AnonymousClassTree#arguments()` is deprecated. Use `AnonymousClassTree#callArguments()` instead.\n    * New tree: `CallArgumentTree`. This tree wraps expressions passed as arguments now.   \n    * New kind of expression: `ThrowExpressionTree`.\n    * New kind of expression: `MatchExpressionTree`.\n    * `ParameterTree` now has a `visibility` method.\n    \n\n# \u003ca name=\"testing\"\u003e\u003c/a\u003eTesting\nTo run tests locally follow these instructions.\n\n### Build the Project and Run Unit Tests\nTo build the plugin and run its unit tests, execute this command from the project's root directory:\n```shell\n./gradlew build\n```\n\n### Integration Tests\nTo run integration tests, you will need to create a properties file like the one shown below, and set its location in an environment variable named `ORCHESTRATOR_CONFIG_URL`.\n```properties\n# version of SonarQube server\nsonar.runtimeVersion=9.9\n```\nBefore running any of the integration tests make sure the submodules are checked out:\n```shell\n  git submodule update --init\n```\n#### Plugin Test\nThe \"Plugin Test\" is an additional integration test that verifies plugin features such as metric calculation, coverage, etc. To launch it:\n```shell\n./gradlew its:plugin:integrationTest\n```\n\n#### Ruling Test\nThe \"Ruling Test\" is a special integration test that launches the analysis of a large code base, saves the issues created by the plugin in report files, and then compares those results to the set of expected issues (stored as JSON files). To launch the ruling test:\n```shell\n./gradlew its:ruling:integrationTest\n```\n\nThis test gives you the opportunity to examine the issues created by each rule and make sure they're what you expect. You can inspect new/lost issues by checking the SonarQube local URL mentioned in the logs at the end of the analysis.\nIf everything looks good to you, you can copy the file with the actual issues located at\n```\nsonar-php/its/ruling/target/actual/\n```\ninto the directory with the expected issues\n```\nsonar-php/its/ruling/src/test/resources/expected/\n```\n\n### Rule Descriptions\n\n#### Update Rule Descriptions\n\nTo update all rule descriptions:\n\n```shell\n./gradlew ruleApiUpdate\n```\n\n#### Generate New Rule Description\n\nTo fetch static files for a rule SXXXX from [RSPEC](https://github.com/SonarSource/rspec):\n\n```shell\n./gradlew ruleApiGenerateRule -Prule=SXXXX\n```\n\nSame for a specific RSPEC branch (`master` by default):\n\n```shell\n./gradlew ruleApiGenerateRule -Prule=SXXXX -Pbranch=my-branch\n```\n\n### License\n\nCopyright 2010-2024 SonarSource.\n\nLicensed under the [GNU Lesser General Public License, Version 3.0](https://www.gnu.org/licenses/lgpl.txt)\n","funding_links":[],"categories":["Static Code Analysis"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSonarSource%2Fsonar-php","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSonarSource%2Fsonar-php","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSonarSource%2Fsonar-php/lists"}