PHP_CodeSniffer Converter

Note

Available since version 1.0.0

Requirements

PHP_CodeSniffer requires PHP version 5.4.0 or greater, with tokenizer, xmlwriter and simplexml extensions loaded
This SARIF converter requires at least PHP_CodeSniffer version 3.3.0

Installation

composer require --dev squizlabs/php_codesniffer bartlett/sarif-php-converters

Usage

vendor/bin/phpcs --report='\Bartlett\Sarif\Converter\Reporter\PhpCsReport' --standard=examples/phpcs/.phpcs.xml.dist --report-file=examples/phpcs/.sarif.json

Warning

If you have the following error

ERROR: Class file for report "\Bartlett\Sarif\Converter\Reporter\PhpCsReport" not found

That means you've not specified the correct autoloader. Refer to PHP_CodeSniffer config file autoload directive,

How to customize your converter

There are many ways to customize render of your converter.

Make the SARIF report output human-readable

By default, all converters use the default \Bartlett\Sarif\Factory\PhpSerializerFactory to return the SARIF JSON representation of your report.

But this serializer factory component, as native PHP json_encode function, does not use whitespace in returned data to format it.

To make your report human-readable, you have to specify the \JSON_PRETTY_PRINT constant, as encoder option.

Here is the way to do it !

Create your report specialized class

<?php
namespace MyStandard\CS;

use Bartlett\Sarif\Converter\PhpCsConverter;
use Bartlett\Sarif\Converter\Reporter\PhpCsReport;

class MyPhpCsReport extends PhpCsReport
{
    public function __construct()
    {
         parent::__construct(new PhpCsConverter(['format_output' => true]));
   }
}

And finally, print the SARIF report

vendor/bin/phpcs --report=MyPhpCsReport --standard=examples/phpcs/.phpcs.xml.dist

(optional) Use the Console Tool as alternative

If you prefer to convert from a format supported natively by PHPCS, then :

Build the native checkstyle output report

vendor/bin/phpcs --report=checkstyle --report-file=checkstyle.xml /path/to/source/code

And finally, convert it to SARIF with the Console Tool

report-converter convert phpcs --input-format=checkstyle --input-file=examples/phpcs/checkstyle.xml -v

Tip

Without verbose option (-v) the Console Tool will print a compact SARIF version.
--output-file option allows to write a copy of the report to a file. By default, the Console Tool will always print the specified report to the standard output.

Learn more

See demo examples/phpcs/ directory into this repository.
Allow requesting a custom report using the report FQN PHPCS feature is available since v3.3.0

IDE Integration

The SARIF report file [*].sarif.json is automagically recognized and interpreted by PhpStorm (2024).

PHPStorm integration

Web SARIF viewer

With the React based component, you are able to explore a sarif report file previously generated.

For example:

sarif-web-phpcs