Skip to content

Phan Converter

phan/phan - GitHub

Note

Available since version 1.0.0

Table Of Contents

  1. Requirements
  2. Installation
  3. Usage
  4. Learn more
  5. IDE Integration
  6. Web SARIF viewer

phan converter

Requirements

  • Phan requires PHP version 7.2.0 or greater, with filter, json and tokenizer extensions loaded
  • This SARIF converter requires at least Phan version 5.0

Installation

composer require --dev phan/phan bartlett/sarif-php-converters

Usage

Warning

As Phan v5 is not able to specify custom printer format, we have no other alternative that using the Console Tool convert command.

Build the checkstyle output report

vendor/bin/phan --directory /absolute/path/to/source/code --absolute-path-issue-messages --output-mode=checkstyle --output=checkstyle.xml

Warning

Be sure to specify --absolute-path-issue-messages, otherwise the Console Tool convert command will raise some warnings about file names.

And finally, convert it to SARIF with the Console Tool

php report-converter convert phan --input-format=checkstyle --input-file=examples/phan/checkstyle.xml -v

Tip

  • Without verbose option (-v) the Console Tool will print a compact SARIF version.
  • --output-file option allows to write a copy of the report to a file. By default, the Console Tool will always print the specified report to the standard output.

Learn more

IDE Integration

The SARIF report file [*].sarif.json is automagically recognized and interpreted by PhpStorm (2024).

PHPStorm integration

Web SARIF viewer

With the React based component, you are able to explore a sarif report file previously generated.

For example:

sarif-web-phan