2. Introducing myself
• The author of Php Inspections (EA Extended)
o A plugin for PhpStorm adding strong code semantics analysis
• A contributor of Symfony 1.5 and Symfony 2
o With SCA focus of course
• A contributor of PHP CS Fixer
o SCA and contributed fixers
• Background is PHP/Java Expert level in Enterprise
4. PHP
• I love the community and hate language itself (not only me)
• Infrastructure around PHP is great (Composer, ZF, Symfony, Yii,
Hosting and etc.)
• Php has low entry level for new developers (hits code quality)
• Php has 2 really important characteristics (hits apps life-cycle)
o It’s fast to go on a market when you develop apps in PHP
o It’s painful to maintain survived applications
5. Modern software
• Getting more complex with each year
o Increases maintenance costs and complexity
o Requires more intelligent tools
• Continuous Integration and Delivery
o Increases costs of failures at delivery phase
o Raises additional stability requirements to development processes
• Agile development processes
o Affects code quality and introducing un-finished code/features
o Requires more intelligent tools
9. Let’s dig dipper…
• Code Style (formatting, naming, spaghetti code)
o Can be covered by existing (“old”) tools, so easily solvable
• Lack of API knowledge
o Remember low entry level of PHP
o You have to educate people (or tools can do it just during development)
• Obviously inefficient code constructs
o Remember low entry level of PHP
o Remember Agile processes
o You have to reject this (or tools can do it just during development)
• Lack of team experience
o That’s team work (but tools still can educate during development)
12. Generations of SCA tools
• 1st generation
o Eclipse and other first IDEs
o PHP CodeSniffer
• 2nd generation
o JetBrains IDEs + SCA plugins
o SensioLabs Insight, Scritinizer, SonarCube
o Exacat, PHP CS Fixer
• 3rd generation
o We’ll see them soon, expert systems specialized on code defects
o SCA tools based on PHP 7 real PSI tree (presented in JB IDEs currently)
13. Semantic Analyzers
• Php Inspections (EA Extended)
o Targeting transition of 2nd and 3rd generation tools
o Expert-level code reviews
o “In-stream" analysis, when developers are not disturbed
o Productivity booster (automated code adjustments)
o CI usage available
o Requires no configurations at start, just install the plugin
• Exakat
o Targeting transition of 2nd and 3rd generation tools
o CI/local usage available
o Expert-level code reviews
14. Code Style
• Php CodeSniffer (a 1st generation tool)
o CI/local usage available
o Reports code style violations
o Customizable and extendable
• PHP CS Fixer (a 2nd generation tool)
o CI/local usage available
o Fixes code style violations
o Customizable and extendable
15. SaaS alternatives
SensioLabs Insight
• Framework/CSM centric
• Good technical debt estimation
• 2nd generation tool
Scrutinizer
• Plays nicely with Open Source
• A little bit noisy
• Based on 1st generation tools ("old” tools)
16. In between:
• Based on 1st generation toolst
o But exists “Sonar way” rules
o Only reports issues
o Requires initial configuration, or not really usable
• IDEs integration
• Multi-language projects supported
o But unfortunately not all
• Integrated metrics and code style presets