Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Phpstan Sarif Formatter
Readme

Phpstan Sarif Formatter Laravel Package

jbelien/phpstan-sarif-formatter

SARIF error formatter for PHPStan (1.x/2.x). Outputs analysis results as SARIF JSON for easy integration with GitHub Code Scanning and CI pipelines. Configure via phpstan.neon and run phpstan analyze --error-format=sarif.

View on GitHub
Deep Wiki
Context7

SARIF formatter for PHPStan

🔖 Compatible with PHPStan 1.x and 2.x

PHPStan

PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line.

https://phpstan.org/

Static Analysis Results Interchange Format (SARIF)

SARIF, the Static Analysis Results Interchange Format, is a standard, JSON-based format for the output of static analysis tool.
It has been approved as an OASIS standard.

SARIF is a rich format intended to meet the needs of sophisticated tools, while still being practical for use by simpler tools. Because it would be impractical to support every feature of every tool, SARIF provides an extensibility mechanism to allow tool authors to store custom data that the SARIF format doesn't directly represent.

https://docs.oasis-open.org/sarif/sarif/v2.0/sarif-v2.0.html

Usage

composer require --dev phpstan/phpstan jbelien/phpstan-sarif-formatter

Then update your phpstan.neon configuration file:

services:
    errorFormatter.sarif:
        class: PHPStanSarifErrorFormatter\SarifErrorFormatter
        arguments:
            relativePathHelper: @simpleRelativePathHelper
            currentWorkingDirectory: %currentWorkingDirectory%
            pretty: true

GitHub Code Scanning

Documentation: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning

GitHub Code Scanning features are compatible with SARIF.
The SARIF Formatter for PHPStan allows you to use PHPStan as GitHub Code Scanning tool.

To use in one of your GitHub Actions workflows, add the following in your job:

- name: Run PHPStan
  continue-on-error: true
  run: phpstan analyze --error-format=sarif > phpstan-results.sarif

- name: Upload analysis results to GitHub
  uses: github/codeql-action/upload-sarif@v2
  with:
    sarif_file: phpstan-results.sarif
    wait-for-processing: true

It will display PHPStan error messages in your PR (check this PR) and add alerts in the "Code scanning" report in "Security" tab of your project (see screenshot below).

Screenshot

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
milito/query-filter
apiboxsym/user-bundle
apiboxsym/health-check-bundle
jayeshmepani/jpl-moshier-ephemeris-php
elnasnato/laraliveui
labrodev/rest-sdk
sampaui/sampaui
babelqueue/php-sdk
facebook/capi-param-builder-php
babelqueue/symfony
hamzi/corewatch
minionfactory/raw-hydrator
hexters/coinpayment
rjcodes/rjcms
act-training/laravel-permissions-manager
alimarchal/laravel-chart-of-accounts
babenkoivan/elastic-scout-driver
mkwebdesign/filament-watchdog-v5
renatomarinho/laravel-page-speed
zedmagdy/filament-business-hours