Psalm Converter
Note
Available since version 1.0.0
Table Of Contents
Requirements
- Psalm requires PHP version 7.4.0 or greater, with
json,dom,ctype,mbstring,tokenizer,libxmlandsimplexmlextensions loaded - This SARIF converter requires at least Psalm version 5.0
Until introduces absolutePathReporting configuration setting is accepted and included into one official Psalm v5 release,
you can use such composer.json requirements :
{
"repositories": [
{
"type": "vcs",
"url": "https://github.com/llaville/psalm"
}
],
"minimum-stability": "dev",
"require-dev": {
"vimeo/psalm": "dev-reporting-with-absolute-path as 5.x-dev"
}
}
Installation
composer require --dev vimeo/psalm bartlett/sarif-php-converters
Usage
Warning
As Psalm v5 is not able to specify/boot custom renderer easily, we have no other alternative that using the Console Tool convert command.
Step 1: Initialize Psalm configuration file psalm.xml
vendor/bin/psalm path/to/source --init
Warning
Be sure to specify absolute path reporting (absolutePathReporting="true") into psalm.xml config file,
otherwise the Console Tool convert command will raise some warnings about file names.
Step 2: Build the checkstyle output report
vendor/bin/psalm --report=psalm.checkstyle.xml
Step 3: And finally, convert it to SARIF normalized with the Console Tool
php report-converter convert psalm --input-format=checkstyle --input-file=examples/psalm/psalm.checkstyle.xml -v
Tip
- Without verbose option (
-v) the Console Tool will print a compact SARIF version. --output-fileoption allows to write a copy of the report to a file. By default, the Console Tool will always print the specified report to the standard output.
Learn more
- See demo
examples/psalm/directory into this repository.
IDE Integration
The SARIF report file [*].sarif.json is automagically recognized and interpreted by PhpStorm (2024).
Web SARIF viewer
With the React based component, you are able to explore a sarif report file previously generated.
For example:
