CTO and co-founder of Signal Sciences. Author and speaker on software engineering, devops, and security.

PHP Static Analysis 2012

Post on Code as Craft on the three levels of static analysis used on PHP at Etsy

Over at the Code as Craft blog by Etsy is a post on how static analysis for PHP was done. Here’s the intro:

At Etsy we have three tiers of static analysis on our PHP code that run on every commit or run periodically every hour. They form an important part of our continuous deployment pipeline along with one-button deploys, fast unit and functional tests, copious amounts of graphing, and a fantastic development environment to make sure code flows safely and securely to production.

Also check out the presentation on Static Analysis for PHP.

Update 2018: The amount of care and feeding PHP needs is similar to C code. In other words, a lot of care and feeding. It was a massive job to fix up the code base so HpHp could run cleanly, but when it did, the results were fantastic.


© 2018 Nick Galbreath