
PHP_CodeSniffer Converter

PHPCSStandards/PHP_CodeSniffer - GitHub

Note

Available since version 1.0.0

Table Of Contents

  1. Requirements
  2. Installation
  3. Usage
  4. How to customize your converter
  5. Learn more
  6. IDE Integration
  7. Web SARIF viewer

[Figure: phpcs converter]

Requirements

  • PHP_CodeSniffer requires PHP version 5.4.0 or greater, with tokenizer, xmlwriter and simplexml extensions loaded
  • This SARIF converter requires at least PHP_CodeSniffer version 3.3.0

Installation

composer require --dev squizlabs/php_codesniffer bartlett/sarif-php-converters

Usage

vendor/bin/phpcs --report='\Bartlett\Sarif\Converter\Reporter\PhpCsReport' --standard=examples/phpcs/.phpcs.xml.dist --report-file=examples/phpcs/.sarif.json

Warning

If you get the following error:

ERROR: Class file for report "\Bartlett\Sarif\Converter\Reporter\PhpCsReport" not found

That means you have not specified the correct autoloader. Refer to the autoload directive of the PHP_CodeSniffer config file.
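
A minimal ruleset that sets this directive, as an added example that is not the project's own examples/phpcs/.phpcs.xml.dist. The ruleset name, the src path, the PSR12 standard and the location of vendor/autoload.php next to the ruleset are assumptions.

```xml
<?xml version="1.0"?>
<!-- Constructed example ruleset; name, paths and standard are assumptions -->
<ruleset name="MyProject">
    <!-- Load Composer's autoloader so PHP_CodeSniffer can find the report
         class. The path is given relative to this ruleset file. -->
    <autoload>./vendor/autoload.php</autoload>

    <!-- Code to scan and the coding standard to apply -->
    <file>src</file>
    <rule ref="PSR12"/>
</ruleset>
```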

How to customize your converter

There are many ways to customize the rendering of your converter.

Make the SARIF report output human-readable

By default, all converters use \Bartlett\Sarif\Factory\PhpSerializerFactory to return the SARIF JSON representation of your report.

However, this serializer factory component, like the native PHP json_encode function, does not add whitespace to format the returned data.

To make your report human-readable, you have to specify the \JSON_PRETTY_PRINT constant as an encoder option.

Here is how to do it:

Step 1: Create your specialized report class:

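<?php

namespace MyStandard\CS;

use Bartlett\Sarif\Converter\PhpCsConverter;
use Bartlett\Sarif\Converter\Reporter\PhpCsReport;

// Report class that asks the converter for formatted (pretty-printed) SARIF output
class MyPhpCsReport extends PhpCsReport
{
    public function __construct()
    {
        // 'format_output' => true makes the SARIF JSON human-readable
        parent::__construct(new PhpCsConverter(['format_output' => true]));
    }
}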

Step 2: Finally, print the SARIF report:

vendor/bin/phpcs --report=MyPhpCsReport --standard=examples/phpcs/.phpcs.xml.dist

(optional) Use the Console Tool as an alternative

If you prefer to convert from a format supported natively by PHPCS, then:

Step 1: Build the native checkstyle output report:

vendor/bin/phpcs --report=checkstyle --report-file=checkstyle.xml /path/to/source/code

Step 2: Finally, convert it to SARIF with the Console Tool:

report-converter convert phpcs --input-format=checkstyle --input-file=examples/phpcs/checkstyle.xml -v

Tip

  • Without the verbose option (-v), the Console Tool prints a compact SARIF version.
  • The --output-file option writes a copy of the report to a file. By default, the Console Tool always prints the specified report to the standard output.

Learn more

IDE Integration

The SARIF report file [*].sarif.json is automagically recognized and interpreted by PhpStorm (2024).

[Screenshot: PHPStorm integration]

Web SARIF viewer

With the React-based component, you can explore a previously generated SARIF report file.

For example:

[Screenshot: sarif-web-phpcs]