{"id":13816036,"url":"https://github.com/jakzal/phpqa","last_synced_at":"2026-02-16T06:14:06.230Z","repository":{"id":37819110,"uuid":"97164236","full_name":"jakzal/phpqa","owner":"jakzal","description":"Docker image that provides static analysis tools for PHP","archived":false,"fork":false,"pushed_at":"2026-01-19T04:11:23.000Z","size":1294,"stargazers_count":1292,"open_issues_count":2,"forks_count":68,"subscribers_count":33,"default_branch":"master","last_synced_at":"2026-01-19T13:33:54.600Z","etag":null,"topics":["code-quality","composer","docker","docker-image","pdepend","php","php-codesniffer","php-cs-fixer","phpcpd","phpdoc","phploc","phpmd","phpmetrics","phpqa","phpqatools","phpstan","phpunit","qa","qatools","static-analysis"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/jakzal/phpqa/","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jakzal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["jakzal"]}},"created_at":"2017-07-13T20:55:46.000Z","updated_at":"2026-01-19T04:11:26.000Z","dependencies_parsed_at":"2023-11-06T22:57:01.904Z","dependency_job_id":"e201be5d-7a34-46ea-83b9-35628c96f02e","html_url":"https://github.com/jakzal/phpqa","commit_stats":{"total_commits":806,"total_committers":19,"mean_commits":"42.421052631578945","dds":0.0880893300248139,"last_synced_commit":"bc99cf0eb79b9f428bfb8960b98bd8c119ecbc61"},"previous_names":[],"tags_count":345,"template":false,"template_full_name":null,"purl":"pkg:github/jakzal/phpqa","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jakzal%2Fphpqa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jakzal%2Fphpqa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jakzal%2Fphpqa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jakzal%2Fphpqa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jakzal","download_url":"https://codeload.github.com/jakzal/phpqa/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jakzal%2Fphpqa/sbom","scorecard":{"id":503123,"data":{"date":"2025-08-11","repo":{"name":"github.com/jakzal/phpqa","commit":"8431a2ceae64854e1fb43658a47e43839dd1f676"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.7,"checks":[{"name":"Code-Review","score":0,"reason":"Found 1/25 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/update-toolbox.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build.yml:13"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 11 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/jakzal/phpqa/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/jakzal/phpqa/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/jakzal/phpqa/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/jakzal/phpqa/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/jakzal/phpqa/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/jakzal/phpqa/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/jakzal/phpqa/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/jakzal/phpqa/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/jakzal/phpqa/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-toolbox.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jakzal/phpqa/update-toolbox.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:10","Warn: containerImage not pinned by hash: Dockerfile:22","Warn: containerImage not pinned by hash: Dockerfile:31","Warn: containerImage not pinned by hash: Dockerfile:35","Warn: containerImage not pinned by hash: Dockerfile:43","Warn: containerImage not pinned by hash: Dockerfile:50","Warn: containerImage not pinned by hash: Dockerfile:55","Warn: containerImage not pinned by hash: Dockerfile:64","Warn: containerImage not pinned by hash: Dockerfile:75","Warn: containerImage not pinned by hash: Dockerfile:80","Warn: containerImage not pinned by hash: Dockerfile:85","Warn: containerImage not pinned by hash: Dockerfile:90","Warn: containerImage not pinned by hash: Dockerfile:95","Warn: containerImage not pinned by hash: Dockerfile:100","Warn: containerImage not pinned by hash: Dockerfile:105","Warn: containerImage not pinned by hash: Dockerfile:133","Warn: containerImage not pinned by hash: Dockerfile:140","Warn: containerImage not pinned by hash: Dockerfile:186","Warn: containerImage not pinned by hash: Dockerfile:199","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 third-party GitHubAction dependencies pinned","Info:   0 out of  19 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}}]},"last_synced_at":"2025-08-19T22:31:22.799Z","repository_id":37819110,"created_at":"2025-08-19T22:31:22.799Z","updated_at":"2025-08-19T22:31:22.799Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29501719,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-16T05:57:17.024Z","status":"ssl_error","status_checked_at":"2026-02-16T05:56:49.929Z","response_time":115,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-quality","composer","docker","docker-image","pdepend","php","php-codesniffer","php-cs-fixer","phpcpd","phpdoc","phploc","phpmd","phpmetrics","phpqa","phpqatools","phpstan","phpunit","qa","qatools","static-analysis"],"created_at":"2024-08-04T05:00:31.550Z","updated_at":"2026-02-16T06:14:06.223Z","avatar_url":"https://github.com/jakzal.png","language":"Dockerfile","funding_links":["https://github.com/sponsors/jakzal"],"categories":["Dockerfile","Programming Languages"],"sub_categories":[],"readme":"# Static Analysis Tools for PHP\n\nDocker image providing static analysis tools for PHP.\nThe list of available tools and the installer are actually managed in the [`jakzal/toolbox` repository](https://github.com/jakzal/toolbox).\n\n[![Build Status](https://github.com/jakzal/phpqa/actions/workflows/build.yml/badge.svg)](https://github.com/jakzal/phpqa/actions) [![Docker Pulls](https://img.shields.io/docker/pulls/jakzal/phpqa)](https://hub.docker.com/r/jakzal/phpqa/)\n\n## Supported platforms and PHP versions\n\nDocker hub repository: https://hub.docker.com/r/jakzal/phpqa/\n\n### Debian\n\n* `latest`, `debian` ([Dockerfile](https://github.com/jakzal/phpqa/blob/master/Dockerfile))\n* `1.120.1`, `1.120`, `1.120.1-debian`, `1.120-debian` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.120.1/Dockerfile))\n* `1.120.1-php8.2`, `1.120-php8.2`, `php8.2-debian`, `php8.2` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.120.1/Dockerfile))\n* `1.120.1-php8.3`, `1.120-php8.3`, `php8.3-debian`, `php8.3` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.120.1/Dockerfile))\n* `1.120.1-php8.4`, `1.120-php8.4`, `php8.4-debian`, `php8.4` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.120.1/Dockerfile))\n* `1.120.1-php8.5`, `1.120-php8.5`, `php8.5-debian`, `php8.5` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.120.1/Dockerfile))\n\n### Alpine\n\n* `alpine` ([Dockerfile](https://github.com/jakzal/phpqa/blob/master/Dockerfile))\n* `1.120.1-alpine`, `1.120-alpine`, ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.120.1/Dockerfile))\n* `1.120.1-php8.2-alpine`, `1.120-php8.2-alpine`, `php8.2-alpine` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.120.1/Dockerfile))\n* `1.120.1-php8.3-alpine`, `1.120-php8.3-alpine`, `php8.3-alpine` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.120.1/Dockerfile))\n* `1.120.1-php8.4-alpine`, `1.120-php8.4-alpine`, `php8.4-alpine` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.120.1/Dockerfile))\n* `1.120.1-php8.5-alpine`, `1.120-php8.5-alpine`, `php8.5-alpine` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.120.1/Dockerfile))\n\n\nUpdated daily: `latest`, `debian`, `alpine`, `php8.5`, `php8.5-alpine`, etc.\nUpdated on patch version change: `1.61`, `1.61-php8.5`, `1.61-php8.5-alpine`, etc.\nNever updated: `1.61.0`, `1.61.0-php8.5`, `1.61.0-php8.5-alpine`, etc.\n\n### Legacy\n\nThese are the latest tags for PHP versions that are no longer supported:\n\n- `1.105.0-php8.1`, `1.105-php8.1`, `php8.1-debian`, `php8.1` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.105.0/Dockerfile))\n- `1.105.0-php8.1-alpine`, `1.105-php8.1-alpine`, `php8.1-alpine` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.105.0/Dockerfile))\n- `1.92.7-php8.0`, `1.93-php8.0`, `php8.0-debian`, `php8.0` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.92.7/Dockerfile))\n- `1.92.7-php8.0-alpine`, `1.93-php8.0-alpine`, `php8.0-alpine` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.92.7/Dockerfile))\n- `1.80.0-php7.4`, `1.80-php7.4`, `php7.4-debian`, `php7.4` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.80.0/Dockerfile))\n- `1.80.0-php7.4-alpine`, `1.80-php7.4-alpine`, `php7.4-alpine` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.80.0/Dockerfile))\n- `1.61.2-php7.3`, `1.61-php7.3`, `php7.3-debian`, `php7.3` ([debian/Dockerfile](https://github.com/jakzal/phpqa/blob/v1.61.2/debian/Dockerfile))\n- `1.61.2-php7.3-alpine`, `1.61-php7.3-alpine`, `php7.3-alpine` ([alpine/Dockerfile](https://github.com/jakzal/phpqa/blob/v1.61.2/alpine/Dockerfile))\n- `1.44.0-php7.2`, `1.44-php7.2`, `php7.2` ([7.2/debian/Dockerfile](https://github.com/jakzal/phpqa/blob/v1.44.0/7.2/debian/Dockerfile))\n- `1.44.0-php7.2-alpine`, `1.44-php7.2-alpine`, `php7.2-alpine` ([7.2/alpine/Dockerfile](https://github.com/jakzal/phpqa/blob/v1.44.0/7.2/alpine/Dockerfile))\n- `1.26.0-php7.1`, `1.26-php7.1`, `php7.1` ([7.1/debian/Dockerfile](https://github.com/jakzal/phpqa/blob/v1.26.0/7.1/debian/Dockerfile))\n- `1.26.0-php7.1-alpine`, `1.26-php7.1-alpine`, `php7.1-alpine` ([7.1/alpine/Dockerfile](https://github.com/jakzal/phpqa/blob/v1.26.0/7.1/alpine/Dockerfile))\n\n## Available tools\n\n| Name | Description | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |\n| :--- | :---------- | :------ | :------ | :------ | :------ |\n| behat | [Helps to test business expectations](http://behat.org/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| box | [Fast, zero config application bundler with PHARs](https://github.com/humbug/box) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| churn | [Discovers good candidates for refactoring](https://github.com/bmitch/churn-php) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| codeception | [Codeception is a BDD-styled PHP testing framework](https://codeception.com/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x274C; |\n| composer | [Dependency Manager for PHP](https://getcomposer.org/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| composer-bin-plugin | [Composer plugin to install bin vendors in isolated locations](https://github.com/bamarni/composer-bin-plugin) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| composer-lock-diff | [Composer plugin to check what has changed after a composer update](https://github.com/davidrjonas/composer-lock-diff) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| composer-normalize | [Composer plugin to normalize composer.json files](https://github.com/ergebnis/composer-normalize) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| composer-require-checker | [Verify that no unknown symbols are used in the sources of a package.](https://github.com/maglnet/ComposerRequireChecker) | \u0026#x274C; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| composer-require-checker-3 | [Verify that no unknown symbols are used in the sources of a package.](https://github.com/maglnet/ComposerRequireChecker) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| composer-unused | [Show unused packages by scanning your code](https://github.com/icanhazstring/composer-unused) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| cyclonedx-php-composer | [Composer plugin to create Software-Bill-of-Materials (SBOM) in CycloneDX format](https://github.com/CycloneDX/cyclonedx-php-composer) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| dephpend | [Detect flaws in your architecture](https://dephpend.com/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| deprecation-detector | [Finds usages of deprecated code](https://github.com/sensiolabs-de/deprecation-detector) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| deptrac | [Enforces dependency rules between software layers](https://github.com/deptrac/deptrac) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| diffFilter | [Applies QA tools to run on a single pull request](https://github.com/exussum12/coverageChecker) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| ecs | [Sets up and runs coding standard checks](https://github.com/Symplify/EasyCodingStandard) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| gherkin-lint-php | [Gherkin linter for PHP](https://github.com/dantleech/gherkin-lint-php) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| infection | [AST based PHP Mutation Testing Framework](https://infection.github.io/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| jack | [Helps to upgrade outdated Composer dependencies incrementally](https://github.com/rectorphp/jack) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| kahlan | [Kahlan is a full-featured Unit \u0026 BDD test framework a la RSpec/JSpec](https://kahlan.github.io/docs/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| larastan | [PHPStan extension for Laravel](https://github.com/nunomaduro/larastan) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| lines | [CLI tool for quick metrics of PHP projects](https://github.com/tomasVotruba/lines) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| local-php-security-checker | [Checks composer dependencies for known security vulnerabilities](https://github.com/fabpot/local-php-security-checker) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| parallel-lint | [Checks PHP file syntax](https://github.com/php-parallel-lint/PHP-Parallel-Lint) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| paratest | [Parallel testing for PHPUnit](https://github.com/paratestphp/paratest) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| pdepend | [Static Analysis Tool](https://pdepend.org/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phan | [Static Analysis Tool](https://github.com/phan/phan) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phive | [PHAR Installation and Verification Environment](https://phar.io/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| php-cs-fixer | [PHP Coding Standards Fixer](http://cs.symfony.com/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| php-fuzzer | [A fuzzer for PHP, which can be used to find bugs in libraries by feeding them 'random' inputs](https://github.com/nikic/PHP-Fuzzer) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| php-semver-checker | [Suggests a next version according to semantic versioning](https://github.com/tomzx/php-semver-checker) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpa | [Checks for weak assumptions](https://github.com/rskuipers/php-assumptions) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phparkitect | [Helps to put architectural constraints in a PHP code base](https://github.com/phparkitect/arkitect) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpat | [Easy to use architecture testing tool](https://github.com/carlosas/phpat) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpbench | [PHP Benchmarking framework](https://github.com/phpbench/phpbench) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpca | [Finds usage of non-built-in extensions](https://github.com/wapmorgan/PhpCodeAnalyzer) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpcb | [PHP Code Browser](https://github.com/mayflower/PHP_CodeBrowser) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpcbf | [Automatically corrects coding standard violations](https://github.com/PHPCSStandards/PHP_CodeSniffer) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpcodesniffer-composer-install | [Easy installation of PHP_CodeSniffer coding standards (rulesets).](https://github.com/PHPCSStandards/composer-installer) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpcov | [a command-line frontend for the PHP_CodeCoverage library](https://github.com/sebastianbergmann/phpcov) | \u0026#x274C; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpcpd | [Copy/Paste Detector](https://github.com/sebastianbergmann/phpcpd) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpcs | [Detects coding standard violations](https://github.com/PHPCSStandards/PHP_CodeSniffer) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpcs-security-audit | [Finds vulnerabilities and weaknesses related to security in PHP code](https://github.com/FloeDesignTechnologies/phpcs-security-audit) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpdd | [Finds usage of deprecated features](http://wapmorgan.github.io/PhpDeprecationDetector) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpDocumentor | [Documentation generator](https://www.phpdoc.org/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpinsights | [Analyses code quality, style, architecture and complexity](https://phpinsights.com/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phplint | [Lints php files in parallel](https://github.com/overtrue/phplint) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phploc | [A tool for quickly measuring the size of a PHP project](https://github.com/sebastianbergmann/phploc) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpmd | [A tool for finding problems in PHP code](https://phpmd.org/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpmetrics | [Static Analysis Tool](http://www.phpmetrics.org/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpmnd | [Helps to detect magic numbers](https://github.com/povils/phpmnd) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpspec | [SpecBDD Framework](http://www.phpspec.net/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x274C; |\n| phpstan | [Static Analysis Tool](https://github.com/phpstan/phpstan) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpstan-banned-code | [PHPStan rules for detecting calls to specific functions you don't want in your project](https://github.com/ekino/phpstan-banned-code) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpstan-beberlei-assert | [PHPStan extension for beberlei/assert](https://github.com/phpstan/phpstan-beberlei-assert) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpstan-deprecation-rules | [PHPStan rules for detecting deprecated code](https://github.com/phpstan/phpstan-deprecation-rules) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpstan-doctrine | [Doctrine extensions for PHPStan](https://github.com/phpstan/phpstan-doctrine) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpstan-ergebnis-rules | [Additional rules for PHPstan](https://github.com/ergebnis/phpstan-rules) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpstan-larastan | [Separate installation of phpstan for larastan](https://github.com/phpstan/phpstan) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpstan-phpunit | [PHPUnit extensions and rules for PHPStan](https://github.com/phpstan/phpstan-phpunit) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpstan-strict-rules | [Extra strict and opinionated rules for PHPStan](https://github.com/phpstan/phpstan-strict-rules) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpstan-symfony | [Symfony extension for PHPStan](https://github.com/phpstan/phpstan-symfony) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpstan-webmozart-assert | [PHPStan extension for webmozart/assert](https://github.com/phpstan/phpstan-webmozart-assert) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpunit | [The PHP testing framework](https://phpunit.de/) | \u0026#x274C; | \u0026#x274C; | \u0026#x2705; | \u0026#x2705; |\n| phpunit-10 | [The PHP testing framework (10.x version)](https://phpunit.de/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpunit-11 | [The PHP testing framework (11.x version)](https://phpunit.de/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpunit-12 | [The PHP testing framework (12.x version)](https://phpunit.de/) | \u0026#x274C; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpunit-8 | [The PHP testing framework (8.x version)](https://phpunit.de/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| phpunit-9 | [The PHP testing framework (9.x version)](https://phpunit.de/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| pint | [Opinionated PHP code style fixer for Laravel](https://github.com/laravel/pint) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| psalm | [Finds errors in PHP applications](https://psalm.dev/) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| psalm-plugin-doctrine | [Stubs to let Psalm understand Doctrine better](https://github.com/weirdan/doctrine-psalm-plugin) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| psalm-plugin-phpunit | [Psalm plugin for PHPUnit](https://github.com/psalm/psalm-plugin-phpunit) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| psalm-plugin-symfony | [Psalm Plugin for Symfony](https://github.com/psalm/psalm-plugin-symfony) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| psecio-parse | [Scans code for potential security-related issues](https://github.com/psecio/parse) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| rector | [Tool for instant code upgrades and refactoring](https://github.com/rectorphp/rector) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| roave-backward-compatibility-check | [Tool to compare two revisions of a class API to check for BC breaks](https://github.com/Roave/BackwardCompatibilityCheck) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| simple-phpunit | [Provides utilities to report legacy tests and usage of deprecated code](https://symfony.com/doc/current/components/phpunit_bridge.html) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| twig-cs-fixer | [Automatically corrects twig files following the official coding standard rules](https://github.com/VincentLanglet/Twig-CS-Fixer) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| twig-lint | [Standalone cli twig 1.X linter](https://github.com/asm89/twig-lint) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| twig-linter | [Standalone cli twig 3.X linter](https://github.com/sserbin/twig-linter) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n| twigcs | [The missing checkstyle for twig!](https://github.com/friendsoftwig/twigcs) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x274C; |\n| yaml-lint | [Compact command line utility for checking YAML file syntax](https://github.com/j13k/yaml-lint) | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; | \u0026#x2705; |\n\n## More tools\n\nSome tools are not included in the docker image, to use them refer to their documentation:\n\n* exakat - [a real time PHP static analyser](https://www.exakat.io)\n\n### Removed tools\n\n| Name | Summary |\n| :--- | :------ |\n| analyze | [Visualizes metrics and source code](https://github.com/Qafoo/QualityAnalyzer) |\n| box-legacy | [Legacy version of box](https://box-project.github.io/box2/) |\n| design-pattern | [Detects design patterns](https://github.com/Halleck45/DesignPatternDetector) |\n| parallel-lint | [Checks PHP file syntax](https://github.com/JakubOnderka/PHP-Parallel-Lint) |\n| pest | [The elegant PHP Testing Framework](https://github.com/pestphp/pest) |\n| php-coupling-detector | [Detects code coupling issues](https://akeneo.github.io/php-coupling-detector/) |\n| php-formatter | [Custom coding standards fixer](https://github.com/mmoreram/php-formatter) |\n| phpcf | [Finds usage of deprecated features](http://wapmorgan.github.io/PhpCodeFixer/) |\n| phpda | [Generates dependency graphs](https://mamuz.github.io/PhpDependencyAnalysis/) |\n| phpdoc-to-typehint | [Automatically adds type hints and return types based on PHPDocs](https://github.com/dunglas/phpdoc-to-typehint) |\n| phpstan-exception-rules | [PHPStan rules for checked and unchecked exceptions](https://github.com/pepakriz/phpstan-exception-rules) |\n| phpstan-localheinz-rules | [Additional rules for PHPstan](https://github.com/localheinz/phpstan-rules) |\n| security-checker | [Checks composer dependencies for known security vulnerabilities](https://github.com/sensiolabs/security-checker) |\n| testability | [Analyses and reports testability issues of a php codebase](https://github.com/edsonmedina/php_testability) |\n\n## Running tools\n\nPull the image:\n\n```bash\ndocker pull jakzal/phpqa\n```\n\nThe default command will list available tools:\n\n```bash\ndocker run -it --rm jakzal/phpqa\n```\n\nTo run the selected tool inside the container, you'll need to mount\nthe project directory on the container with `-v \"$(pwd):/project\"`.\nSome tools like to write to the `/tmp` directory (like PHPStan, or Behat in some cases), therefore it's often useful\nto share it between docker runs, i.e. with `-v \"$(pwd)/tmp-phpqa:/tmp\"`.\nIf you want to be able to interrupt the selected tool if it takes too much time to complete, you can use the\n`--init` option. Please refer to the [docker run documentation](https://docs.docker.com/engine/reference/commandline/run/) for more information.\n\n```bash\ndocker run --init -it --rm -v \"$(pwd):/project\" -v \"$(pwd)/tmp-phpqa:/tmp\" -w /project jakzal/phpqa phpstan analyse src\n```\n\nYou might want to tweak this command to your needs and create an alias for convenience:\n\n```bash\nalias phpqa='docker run --init -it --rm -v \"$(pwd):/project\" -v \"$(pwd)/tmp-phpqa:/tmp\" -w /project jakzal/phpqa:alpine'\n```\n\nAdd it to your `~/.bashrc` so it's defined every time you start a new terminal session.\n\nNow the command becomes a lot simpler:\n\n```bash\nphpqa phpstan analyse src\n```\n\n## Building the image\n\n```bash\ngit clone https://github.com/jakzal/phpqa.git\ncd phpqa\nmake build-debian\n```\n\nTo build the alpine version:\n\n```\nmake build-alpine\n```\n\n## Cookbook\n\nPlease check out the [cookbook](docs/cookbook/README.md) for further tips \u0026 tricks.\n\n## Contributing\n\nPlease read the [Contributing guide](CONTRIBUTING.md) to learn about contributing to this project.\nPlease note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md).\nBy participating in this project you agree to abide by its terms.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjakzal%2Fphpqa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjakzal%2Fphpqa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjakzal%2Fphpqa/lists"}