PHP download

Download the PHP package dave-liddament/sarb without Composer

On this page you can find all versions of the php package dave-liddament/sarb. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download dave-liddament/sarb
More information about dave-liddament/sarb
Files in dave-liddament/sarb

Vendor dave-liddament
Package sarb
Short Description Provides tools for baselining static analysis results and comparing against that baseline
License MIT

Keywords php static analysis baseline

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of dave-liddament/sarb

Informations about the package sarb

Static Analysis Results Baseliner (SARB)

Why SARB
Requirements
Installing
Using SARB
Further reading

Why SARB?

If you've tried to introduce advanced static analysis tools (e.g. Psalm, PHPStan) to legacy projects the tools have probably reported thousands of problems. It's unrealistic to fix all but the most critical ones before continuing development.

SARB is used to create a baseline of these results. As work on the project progresses SARB takes the latest static analysis results, removes those issues in the baseline and report the issues raised since the baseline. SARB does this, in conjunction with git, by tracking lines of code between commits. Currently, SARB only supports git, but it is possible to add support for other SCMs.

SARB is written in PHP, however it can be used to baseline results for any language and any static analysis tool.

Why not SARB?

SARB should not be used on greenfield projects. If you're lucky enough to work on a greenfield project make sure you fix all problems raised by static analysis as you go along.

Requirements

Currently, SARB only supports projects that use git.

SARB requires PHP >= 8.0 to run. The project being analysed does not need to run PHP 8.0 or even be a PHP project at all.

Installing

You can either add directly to the project you wish to run analysis on:

Or you can install SARB globally (e.g. if you want to use it on a non PHP project):

If you install globally make sure the composer bin directory is in your path.

Using SARB

If you're using version 0.x see the upgrade.

1. Make sure the current git commit is the one to be used in the baseline

When creating the baseline, SARB needs to know the git commit SHA of the baseline. Make sure your code is in the state you want it to be in for the baseline and that the current commit represents that state.

2. Create the baseline

Run the static analyser of choice and pipe the results into SARB:

E.g. using Psalm's JSON output:

This creates a baseline file called psalm.baseline. You'll want to check this in to your repository.

3. Update code and then use SARB to remove baseline results

Continue coding. Then rerun static analyser and pipe results into SARB:

Running SARB from a global installation

If you are running SARB from a global installation you will need to specify the root of the project (where the .git directory lives). The above would become:

Supported tools

To see a list of supported tools and formats use:

How to create and remove baseline for each supported tool:

PHP CodeSniffer

Phan

See notes on relative paths.

Exakat

PHPMD

Psalm

NOTE: Checkout Psalm's built in baseline feature. Learn how it differs from SARB.

PHPStan

NOTE: Checkout PHPStan's built in baseline feature. Learn how it differs from SARB.

PHP Magic Number Detector

See notes on relative paths.

My tool isn't supported...

That's no problem there are 3 methods to integrate a static analysis tool with SARB.

Output formats

The format for showing issues after the baseline is removed can be specified using --output-format option. Possible values are: table, text, json or github (for Github actions).

Ignoring warnings

Some static analysis tools (e.g. PHP Code Sniffer) classify issues wth a severity or either error or warning. By default, SARB will report all of these. If you wish to ignore warnings you can use the --ignore-warnings option.

E.g.

SARB with Github Actions

If you're using actions/checkout@v2 to check out your code you'll need to add set fetch-depth to 0. By default checkout only gets that latest state of the code and none of the history. SARB uses git, which needs the full git history, to track file changes since the baseline. To get the full history checked out use this:

Also don't forget to use the SARB option --output-format=github. It will annotate your PR with any issues that have been added since the baseline.

Gradually improving the codebase

In an ideal world SARB should not be required. SARB prevents you from adding new issues to your codebase.

It also provides a --clean-up option when running remove. Running SARB with this option will pick out 5 random issues that are still in the baseline. Challenge your team to fix 5 issues in the baseline every day. Over a working year that'll be 1000 issues gone from the baseline! Soon you'll be able to ditch SARB for good!

Authors

All versions of sarb with dependencies

PHP Build Version

Package Version

Version 1.9.0 Release 11. Jan 2024
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of sarb from vendor dave-liddament

Requires php Version >=8.0 <8.4
symfony/config Version ^5.4 || ^6 || ^7
symfony/console Version ^5.4 || ^6 || ^7
symfony/dependency-injection Version ^5.4 || ^6 || ^7
symfony/process Version ^5.4 || ^6 || ^7
symfony/yaml Version ^5.4 || ^6 || ^7
webmozart/assert Version ^1.11

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package dave-liddament/sarb contains the following files

Loading the files please wait ....