Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.
Awesome Lists | Featured Topics | Projects
https://github.com/jakzal/phpqa

Docker image that provides static analysis tools for PHP
https://github.com/jakzal/phpqa
code-quality composer docker docker-image pdepend php php-codesniffer php-cs-fixer phpcpd phpdoc phploc phpmd phpmetrics phpqa phpqatools phpstan phpunit qa qatools static-analysis
Last synced: 29 days ago
JSON representation
Docker image that provides static analysis tools for PHP
Host: GitHub
URL: https://github.com/jakzal/phpqa
Owner: jakzal
License: mit
Created: 2017-07-13T20:55:46.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2024-08-30T10:46:44.000Z (2 months ago)
Last Synced: 2024-09-28T02:20:58.136Z (about 1 month ago)
Topics: code-quality, composer, docker, docker-image, pdepend, php, php-codesniffer, php-cs-fixer, phpcpd, phpdoc, phploc, phpmd, phpmetrics, phpqa, phpqatools, phpstan, phpunit, qa, qatools, static-analysis
Language: Dockerfile
Homepage: https://hub.docker.com/r/jakzal/phpqa/
Size: 1.1 MB
Stars: 1,207
Watchers: 38
Forks: 68
Open Issues: 3
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project

README

        # Static Analysis Tools for PHP

Docker image providing static analysis tools for PHP.

The list of available tools and the installer are actually managed in the [`jakzal/toolbox` repository](https://github.com/jakzal/toolbox).

[![Build Status](https://github.com/jakzal/phpqa/actions/workflows/build.yml/badge.svg)](https://github.com/jakzal/phpqa/actions) [![Docker Pulls](https://img.shields.io/docker/pulls/jakzal/phpqa)](https://hub.docker.com/r/jakzal/phpqa/)

## Supported platforms and PHP versions

Docker hub repository: https://hub.docker.com/r/jakzal/phpqa/

Nightly builds: https://hub.docker.com/r/jakzal/phpqa-nightly/

### Debian

* `latest`, `debian` ([Dockerfile](https://github.com/jakzal/phpqa/blob/master/Dockerfile))

* `1.98.2`, `1.98`, `1.98.2-debian`, `1.98-debian` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.98.2/Dockerfile))

* `1.98.2-php8.1`, `1.98-php8.1`, `php8.1-debian`, `php8.1` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.98.2/Dockerfile))

* `1.98.2-php8.2`, `1.98-php8.2`, `php8.2-debian`, `php8.2` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.98.2/Dockerfile))

* `1.98.2-php8.3`, `1.98-php8.3`, `php8.3-debian`, `php8.3` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.98.2/Dockerfile))

### Alpine

* `alpine` ([Dockerfile](https://github.com/jakzal/phpqa/blob/master/Dockerfile))

* `1.98.2-alpine`, `1.98-alpine`, ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.98.2/Dockerfile))

* `1.98.2-php8.1-alpine`, `1.98-php8.1-alpine`, `php8.1-alpine` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.98.2/Dockerfile))

* `1.98.2-php8.2-alpine`, `1.98-php8.2-alpine`, `php8.2-alpine` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.98.2/Dockerfile))

* `1.98.2-php8.3-alpine`, `1.98-php8.3-alpine`, `php8.3-alpine` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.98.2/Dockerfile))

Updated daily: `latest`, `debian`, `alpine`, `php8.4`, `php8.4-alpine`, etc.

Updated on patch version change: `1.61`, `1.61-php8.4`, `1.61-php8.4-alpine`, etc.

Never updated: `1.61.0`, `1.61.0-php8.4`, `1.61.0-php8.4-alpine`, etc.

### Legacy

These are the latest tags for PHP versions that are no longer supported:

- `1.92.7-php8.0`, `1.93-php8.0`, `php8.0-debian`, `php8.0` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.92.7/Dockerfile))

- `1.92.7-php8.0-alpine`, `1.93-php8.0-alpine`, `php8.0-alpine` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.92.7/Dockerfile))

- `1.80.0-php7.4`, `1.80-php7.4`, `php7.4-debian`, `php7.4` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.80.0/Dockerfile))

- `1.80.0-php7.4-alpine`, `1.80-php7.4-alpine`, `php7.4-alpine` ([Dockerfile](https://github.com/jakzal/phpqa/blob/v1.80.0/Dockerfile))

- `1.61.2-php7.3`, `1.61-php7.3`, `php7.3-debian`, `php7.3` ([debian/Dockerfile](https://github.com/jakzal/phpqa/blob/v1.61.2/debian/Dockerfile))

- `1.61.2-php7.3-alpine`, `1.61-php7.3-alpine`, `php7.3-alpine` ([alpine/Dockerfile](https://github.com/jakzal/phpqa/blob/v1.61.2/alpine/Dockerfile))

- `1.44.0-php7.2`, `1.44-php7.2`, `php7.2` ([7.2/debian/Dockerfile](https://github.com/jakzal/phpqa/blob/v1.44.0/7.2/debian/Dockerfile))

- `1.44.0-php7.2-alpine`, `1.44-php7.2-alpine`, `php7.2-alpine` ([7.2/alpine/Dockerfile](https://github.com/jakzal/phpqa/blob/v1.44.0/7.2/alpine/Dockerfile))

- `1.26.0-php7.1`, `1.26-php7.1`, `php7.1` ([7.1/debian/Dockerfile](https://github.com/jakzal/phpqa/blob/v1.26.0/7.1/debian/Dockerfile))

- `1.26.0-php7.1-alpine`, `1.26-php7.1-alpine`, `php7.1-alpine` ([7.1/alpine/Dockerfile](https://github.com/jakzal/phpqa/blob/v1.26.0/7.1/alpine/Dockerfile))

## Available tools

| Name | Description | PHP 8.1 | PHP 8.2 | PHP 8.3 |

| :--- | :---------- | :------ | :------ | :------ |

| behat | [Helps to test business expectations](http://behat.org/) | ✅ | ✅ | ✅ |

| box | [Fast, zero config application bundler with PHARs](https://github.com/humbug/box) | ❌ | ✅ | ✅ |

| box-3 | [Fast, zero config application bundler with PHARs](https://github.com/humbug/box) | ✅ | ❌ | ✅ |

| churn | [Discovers good candidates for refactoring](https://github.com/bmitch/churn-php) | ✅ | ✅ | ✅ |

| codeception | [Codeception is a BDD-styled PHP testing framework](https://codeception.com/) | ✅ | ✅ | ✅ |

| composer | [Dependency Manager for PHP](https://getcomposer.org/) | ✅ | ✅ | ✅ |

| composer-bin-plugin | [Composer plugin to install bin vendors in isolated locations](https://github.com/bamarni/composer-bin-plugin) | ✅ | ✅ | ✅ |

| composer-normalize | [Composer plugin to normalize composer.json files](https://github.com/ergebnis/composer-normalize) | ✅ | ✅ | ✅ |

| composer-require-checker | [Verify that no unknown symbols are used in the sources of a package.](https://github.com/maglnet/ComposerRequireChecker) | ❌ | ✅ | ✅ |

| composer-require-checker-3 | [Verify that no unknown symbols are used in the sources of a package.](https://github.com/maglnet/ComposerRequireChecker) | ✅ | ✅ | ✅ |

| composer-unused | [Show unused packages by scanning your code](https://github.com/icanhazstring/composer-unused) | ✅ | ✅ | ✅ |

| dephpend | [Detect flaws in your architecture](https://dephpend.com/) | ✅ | ✅ | ✅ |

| deprecation-detector | [Finds usages of deprecated code](https://github.com/sensiolabs-de/deprecation-detector) | ✅ | ✅ | ✅ |

| deptrac | [Enforces dependency rules between software layers](https://github.com/qossmic/deptrac) | ✅ | ✅ | ✅ |

| diffFilter | [Applies QA tools to run on a single pull request](https://github.com/exussum12/coverageChecker) | ✅ | ✅ | ✅ |

| ecs | [Sets up and runs coding standard checks](https://github.com/Symplify/EasyCodingStandard) | ✅ | ✅ | ✅ |

| infection | [AST based PHP Mutation Testing Framework](https://infection.github.io/) | ✅ | ✅ | ✅ |

| larastan | [PHPStan extension for Laravel](https://github.com/nunomaduro/larastan) | ✅ | ✅ | ✅ |

| local-php-security-checker | [Checks composer dependencies for known security vulnerabilities](https://github.com/fabpot/local-php-security-checker) | ✅ | ✅ | ✅ |

| parallel-lint | [Checks PHP file syntax](https://github.com/php-parallel-lint/PHP-Parallel-Lint) | ✅ | ✅ | ✅ |

| paratest | [Parallel testing for PHPUnit](https://github.com/paratestphp/paratest) | ✅ | ✅ | ✅ |

| pdepend | [Static Analysis Tool](https://pdepend.org/) | ✅ | ✅ | ✅ |

| pest | [The elegant PHP Testing Framework](https://github.com/pestphp/pest) | ✅ | ✅ | ✅ |

| phan | [Static Analysis Tool](https://github.com/phan/phan) | ✅ | ✅ | ✅ |

| phive | [PHAR Installation and Verification Environment](https://phar.io/) | ✅ | ✅ | ✅ |

| php-coupling-detector | [Detects code coupling issues](https://akeneo.github.io/php-coupling-detector/) | ❌ | ❌ | ❌ |

| php-cs-fixer | [PHP Coding Standards Fixer](http://cs.symfony.com/) | ✅ | ✅ | ✅ |

| php-fuzzer | [A fuzzer for PHP, which can be used to find bugs in libraries by feeding them 'random' inputs](https://github.com/nikic/PHP-Fuzzer) | ✅ | ✅ | ✅ |

| php-semver-checker | [Suggests a next version according to semantic versioning](https://github.com/tomzx/php-semver-checker) | ✅ | ✅ | ✅ |

| phpa | [Checks for weak assumptions](https://github.com/rskuipers/php-assumptions) | ✅ | ✅ | ✅ |

| phparkitect | [Helps to put architectural constraints in a PHP code base](https://github.com/phparkitect/arkitect) | ✅ | ✅ | ✅ |

| phpat | [Easy to use architecture testing tool](https://github.com/carlosas/phpat) | ✅ | ✅ | ✅ |

| phpbench | [PHP Benchmarking framework](https://github.com/phpbench/phpbench) | ✅ | ✅ | ✅ |

| phpca | [Finds usage of non-built-in extensions](https://github.com/wapmorgan/PhpCodeAnalyzer) | ✅ | ✅ | ✅ |

| phpcb | [PHP Code Browser](https://github.com/mayflower/PHP_CodeBrowser) | ✅ | ✅ | ✅ |

| phpcbf | [Automatically corrects coding standard violations](https://github.com/squizlabs/PHP_CodeSniffer) | ✅ | ✅ | ✅ |

| phpcodesniffer-composer-install | [Easy installation of PHP_CodeSniffer coding standards (rulesets).](https://github.com/Dealerdirect/phpcodesniffer-composer-installer) | ✅ | ✅ | ✅ |

| phpcov | [a command-line frontend for the PHP_CodeCoverage library](https://github.com/sebastianbergmann/phpcov) | ❌ | ✅ | ✅ |

| phpcpd | [Copy/Paste Detector](https://github.com/sebastianbergmann/phpcpd) | ✅ | ✅ | ✅ |

| phpcs | [Detects coding standard violations](https://github.com/squizlabs/PHP_CodeSniffer) | ✅ | ✅ | ✅ |

| phpcs-security-audit | [Finds vulnerabilities and weaknesses related to security in PHP code](https://github.com/FloeDesignTechnologies/phpcs-security-audit) | ✅ | ✅ | ✅ |

| phpdd | [Finds usage of deprecated features](http://wapmorgan.github.io/PhpDeprecationDetector) | ✅ | ✅ | ✅ |

| phpDocumentor | [Documentation generator](https://www.phpdoc.org/) | ✅ | ✅ | ✅ |

| phpinsights | [Analyses code quality, style, architecture and complexity](https://phpinsights.com/) | ✅ | ✅ | ✅ |

| phplint | [Lints php files in parallel](https://github.com/overtrue/phplint) | ✅ | ✅ | ✅ |

| phploc | [A tool for quickly measuring the size of a PHP project](https://github.com/sebastianbergmann/phploc) | ✅ | ✅ | ✅ |

| phpmd | [A tool for finding problems in PHP code](https://phpmd.org/) | ✅ | ✅ | ✅ |

| phpmetrics | [Static Analysis Tool](http://www.phpmetrics.org/) | ✅ | ✅ | ✅ |

| phpmnd | [Helps to detect magic numbers](https://github.com/povils/phpmnd) | ✅ | ✅ | ✅ |

| phpspec | [SpecBDD Framework](http://www.phpspec.net/) | ✅ | ❌ | ❌ |

| phpstan | [Static Analysis Tool](https://github.com/phpstan/phpstan) | ✅ | ✅ | ✅ |

| phpstan-banned-code | [PHPStan rules for detecting calls to specific functions you don't want in your project](https://github.com/ekino/phpstan-banned-code) | ✅ | ✅ | ✅ |

| phpstan-beberlei-assert | [PHPStan extension for beberlei/assert](https://github.com/phpstan/phpstan-beberlei-assert) | ✅ | ✅ | ✅ |

| phpstan-deprecation-rules | [PHPStan rules for detecting deprecated code](https://github.com/phpstan/phpstan-deprecation-rules) | ✅ | ✅ | ✅ |

| phpstan-doctrine | [Doctrine extensions for PHPStan](https://github.com/phpstan/phpstan-doctrine) | ✅ | ✅ | ✅ |

| phpstan-ergebnis-rules | [Additional rules for PHPstan](https://github.com/ergebnis/phpstan-rules) | ✅ | ✅ | ✅ |

| phpstan-exception-rules | [PHPStan rules for checked and unchecked exceptions](https://github.com/pepakriz/phpstan-exception-rules) | ✅ | ✅ | ✅ |

| phpstan-larastan | [Separate installation of phpstan for larastan](https://github.com/phpstan/phpstan) | ✅ | ✅ | ✅ |

| phpstan-phpunit | [PHPUnit extensions and rules for PHPStan](https://github.com/phpstan/phpstan-phpunit) | ✅ | ✅ | ✅ |

| phpstan-strict-rules | [Extra strict and opinionated rules for PHPStan](https://github.com/phpstan/phpstan-strict-rules) | ✅ | ✅ | ✅ |

| phpstan-symfony | [Symfony extension for PHPStan](https://github.com/phpstan/phpstan-symfony) | ✅ | ✅ | ✅ |

| phpstan-webmozart-assert | [PHPStan extension for webmozart/assert](https://github.com/phpstan/phpstan-webmozart-assert) | ✅ | ✅ | ✅ |

| phpunit | [The PHP testing framework](https://phpunit.de/) | ❌ | ✅ | ✅ |

| phpunit-10 | [The PHP testing framework (10.x version)](https://phpunit.de/) | ✅ | ✅ | ✅ |

| phpunit-8 | [The PHP testing framework (8.x version)](https://phpunit.de/) | ✅ | ✅ | ✅ |

| phpunit-9 | [The PHP testing framework (9.x version)](https://phpunit.de/) | ✅ | ✅ | ✅ |

| pint | [Opinionated PHP code style fixer for Laravel](https://github.com/laravel/pint) | ✅ | ✅ | ✅ |

| psalm | [Finds errors in PHP applications](https://psalm.dev/) | ✅ | ✅ | ✅ |

| psalm-plugin-doctrine | [Stubs to let Psalm understand Doctrine better](https://github.com/weirdan/doctrine-psalm-plugin) | ✅ | ✅ | ✅ |

| psalm-plugin-phpunit | [Psalm plugin for PHPUnit](https://github.com/psalm/psalm-plugin-phpunit) | ✅ | ✅ | ✅ |

| psalm-plugin-symfony | [Psalm Plugin for Symfony](https://github.com/psalm/psalm-plugin-symfony) | ✅ | ✅ | ✅ |

| psecio-parse | [Scans code for potential security-related issues](https://github.com/psecio/parse) | ✅ | ✅ | ✅ |

| rector | [Tool for instant code upgrades and refactoring](https://github.com/rectorphp/rector) | ✅ | ✅ | ✅ |

| roave-backward-compatibility-check | [Tool to compare two revisions of a class API to check for BC breaks](https://github.com/Roave/BackwardCompatibilityCheck) | ✅ | ✅ | ✅ |

| simple-phpunit | [Provides utilities to report legacy tests and usage of deprecated code](https://symfony.com/doc/current/components/phpunit_bridge.html) | ✅ | ✅ | ✅ |

| twig-cs-fixer | [Automatically corrects twig files following the official coding standard rules](https://github.com/VincentLanglet/Twig-CS-Fixer) | ✅ | ✅ | ✅ |

| twig-lint | [Standalone cli twig 1.X linter](https://github.com/asm89/twig-lint) | ✅ | ✅ | ✅ |

| twig-linter | [Standalone cli twig 3.X linter](https://github.com/sserbin/twig-linter) | ✅ | ✅ | ✅ |

| twigcs | [The missing checkstyle for twig!](https://github.com/friendsoftwig/twigcs) | ✅ | ✅ | ✅ |

| yaml-lint | [Compact command line utility for checking YAML file syntax](https://github.com/j13k/yaml-lint) | ❌ | ✅ | ✅ |

Each tool is installed in the latest stable version if possible.

Any Docker image has the latest available and installable version at the time of image creation.

## More tools

Some tools are not included in the docker image, to use them refer to their documentation:

* exakat - [a real time PHP static analyser](https://www.exakat.io)

### Removed tools

| Name | Summary |

| :--- | :------ |

| analyze | [Visualizes metrics and source code](https://github.com/Qafoo/QualityAnalyzer) |

| box-legacy | [Legacy version of box](https://box-project.github.io/box2/) |

| composer-normalize | [Composer plugin to normalize composer.json files](https://github.com/localheinz/composer-normalize) |

| design-pattern | [Detects design patterns](https://github.com/Halleck45/DesignPatternDetector) |

| parallel-lint | [Checks PHP file syntax](https://github.com/JakubOnderka/PHP-Parallel-Lint) |

| php-formatter | [Custom coding standards fixer](https://github.com/mmoreram/php-formatter) |

| phpcf | [Finds usage of deprecated features](http://wapmorgan.github.io/PhpCodeFixer/) |

| phpda | [Generates dependency graphs](https://mamuz.github.io/PhpDependencyAnalysis/) |

| phpdoc-to-typehint | [Automatically adds type hints and return types based on PHPDocs](https://github.com/dunglas/phpdoc-to-typehint) |

| phpstan-localheinz-rules | [Additional rules for PHPstan](https://github.com/localheinz/phpstan-rules) |

| security-checker | [Checks composer dependencies for known security vulnerabilities](https://github.com/sensiolabs/security-checker) |

| testability | [Analyses and reports testability issues of a php codebase](https://github.com/edsonmedina/php_testability) |

## Running tools

Pull the image:

```bash

docker pull jakzal/phpqa

```

The default command will list available tools:

```bash

docker run -it --rm jakzal/phpqa

```

To run the selected tool inside the container, you'll need to mount

the project directory on the container with `-v "$(pwd):/project"`.

Some tools like to write to the `/tmp` directory (like PHPStan, or Behat in some cases), therefore it's often useful

to share it between docker runs, i.e. with `-v "$(pwd)/tmp-phpqa:/tmp"`.

If you want to be able to interrupt the selected tool if it takes too much time to complete, you can use the

`--init` option. Please refer to the [docker run documentation](https://docs.docker.com/engine/reference/commandline/run/) for more information.

```bash

docker run --init -it --rm -v "$(pwd):/project" -v "$(pwd)/tmp-phpqa:/tmp" -w /project jakzal/phpqa phpstan analyse src

```

You might want to tweak this command to your needs and create an alias for convenience:

```bash

alias phpqa='docker run --init -it --rm -v "$(pwd):/project" -v "$(pwd)/tmp-phpqa:/tmp" -w /project jakzal/phpqa:alpine'

```

Add it to your `~/.bashrc` so it's defined every time you start a new terminal session.

Now the command becomes a lot simpler:

```bash

phpqa phpstan analyse src

```

## Building the image

```bash

git clone https://github.com/jakzal/phpqa.git

cd phpqa

make build-debian

```

To build the alpine version:

```

make build-alpine

```

## Cookbook

Please check out the [cookbook](docs/cookbook/README.md) for further tips & tricks.

## Contributing

Please read the [Contributing guide](CONTRIBUTING.md) to learn about contributing to this project.

Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md).

By participating in this project you agree to abide by its terms.