Check Your Code’s Quality with SensioLabs Insight

This article is written for and published on SitePoint.

The quality of your code is as important as testing your application. Recently, we have seen multiple articles which hopefully helped you on your way to providing a more stable application. Today, we are going to have a closer look at SensioLabs Insight. If you used Symfony or Silex in the past, you are probably familiar with SensioLabs, since they are the main sponsor of the Symfony framework.

What is SensioLabs Insight?

SensioLabs Insight is a quality assurance tool which can be used to determine the quality of your code. You are probably already aware of QA tools like PHPMD, PHPCPD and PHPUnit, for example. Although SensioLabs Insight has some similar checks, it also does much more. Do note, however, that SensioLabs Insight does not run on your local environment, but rather as a service by SensioLabs.

As of this writing, it has 99 checkpoints it scans for. It scans for everything from simple things like var_dump() and TODO: within your code to security issues and performance flaws. You can see a complete list of what they analyze on this page.
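As a local illustration of the two simple checks named above, the following added example (not SensioLabs Insight's own code, and not from the original article) uses PHP's tokenizer so that `var_dump` or `TODO` inside a string literal is not reported. The function names and the sample input are assumptions made for this sketch.

```php
<?php
// Added example: a local approximation of two simple checks (debug calls and
// TODO comments). It is not SensioLabs Insight's own implementation.

// Nearest token before/after index $i that is not whitespace or a comment.
function neighbour(array $tokens, $i, $step)
{
    $skip = array(T_WHITESPACE, T_COMMENT, T_DOC_COMMENT);
    for ($i += $step; isset($tokens[$i]); $i += $step) {
        if (!is_array($tokens[$i]) || !in_array($tokens[$i][0], $skip, true)) {
            return $tokens[$i];
        }
    }
    return null;
}

function scanSource($code)
{
    $findings = array(); // each entry: array('rule' => string, 'line' => int)
    $tokens = token_get_all($code);
    foreach ($tokens as $i => $token) {
        if (!is_array($token)) {
            continue; // punctuation such as "(" carries no token id
        }
        list($id, $text, $line) = $token;
        $pos = stripos($text, 'TODO');
        if (in_array($id, array(T_COMMENT, T_DOC_COMMENT), true) && $pos !== false) {
            // Report the marker's own line, not the line the comment starts on.
            $line += substr_count(substr($text, 0, $pos), "\n");
            $findings[] = array('rule' => 'todo_comment', 'line' => $line);
        } elseif ($id === T_STRING && strtolower($text) === 'var_dump') {
            // Plain calls only: skip ->var_dump(), ::var_dump(), "function var_dump".
            // \var_dump() on PHP 8 is a different token type and is not covered.
            $prev = neighbour($tokens, $i, -1);
            $member = is_array($prev)
                && in_array($prev[0], array(T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION), true);
            if (neighbour($tokens, $i, 1) === '(' && !$member) {
                $findings[] = array('rule' => 'var_dump_call', 'line' => $line);
            }
        }
    }
    return $findings;
}

// Constructed sample input.
$sample = "<?php\n\$label = 'TODO: var_dump() in a string';\n/* cleanup\n"
    . "   TODO: remove */\nvar_dump(\$label);\n\$logger->var_dump(\$label);\n";
foreach (scanSource($sample) as $f) {
    printf("line %d: %s\n", $f['line'], $f['rule']);
}
```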

In general, your PHP files will be checked. Besides that, it is also capable of checking for malformed XML or YAML files, potential risks within HTML files and whether your composer.lock is up to date. Since this tool is part of SensioLabs, it is of course capable of checking your Symfony and Silex projects. For these kinds of projects, extra checkpoints are added to see if the Symfony config.php file is removed and if the favicon has been changed. However, SensioLabs is also able to check your Laravel, Drupal or any general PHP project.

In the end, it’s a complete tool which probably reports more feedback to you than you would imagine at first. Let’s set up our first project and check out an analysis.

Prepare your project

Before we can analyse our first project, we need to create an account on SensioLabs Connect first. After that, we can prepare our project. If your project is open source and you don’t mind the analysis becoming public, you can freely use SensioLabs Insight. You are only limited to certain features, which you can see on their pricing page. If you are working on a private project or you collaborate with other developers, you need to upgrade to a paid plan.

After you have chosen a plan, you can create a new project by providing a link to your private git repository or to any provider like GitHub or Bitbucket.

After clicking the analyse button, SensioLabs Insight will immediately start to check your application for flaws.

Analyse your project

Let’s have a look at an analysis. For that, I am using an open source project named Jumph. Jumph is a Symfony 2 project which has already been around for a couple of months, so the example below was taken after already fine-tuning the Symfony framework.

SensioLabs Insight works with a medal system. Depending on how many issues are found and how heavy the issues are, you are given a certain medal. The best medal you can get is a platinum medal, indicating SensioLabs Insight was unable to detect any problems.

Based on the issues, it also tries to estimate how much work you have left to resolve them. In my case, it should take me more than 4 days to get everything resolved. From experience, I can tell you that it won’t take you that much time.

Let’s move on to the most important part: the issues. In my case, you will see that I’m modifying a resource through a GET request. SensioLabs Insight suggests changing it to a POST, PUT or DELETE request.
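The kind of change this finding asks for, shown as an added before/after example that is not taken from Jumph or from the original article. The bundle, entity and route names are hypothetical, and the annotations assume Symfony 2.3 with SensioFrameworkExtraBundle installed.

```php
<?php
// Added example with hypothetical names (AcmeDemoBundle, Company, company_list);
// it is not code from Jumph. Assumes Symfony 2.3 with SensioFrameworkExtraBundle.
namespace Acme\DemoBundle\Controller;

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;

class CompanyController extends Controller
{
    /**
     * Before: no method restriction, so the route matches GET. Any link,
     * crawler or prefetcher that requests the URL deletes the record.
     *
     * @Route("/company/{id}/delete-by-link", name="company_delete_by_link")
     */
    public function deleteByLinkAction($id)
    {
        return $this->removeCompany($id);
    }

    /**
     * After: only POST reaches the action. A GET for this path matches no
     * allowed method and the framework answers 405 Method Not Allowed.
     *
     * @Route("/company/{id}/delete", name="company_delete")
     * @Method("POST")
     */
    public function deleteAction($id)
    {
        return $this->removeCompany($id);
    }

    private function removeCompany($id)
    {
        $em = $this->getDoctrine()->getManager();
        $company = $em->getRepository('AcmeDemoBundle:Company')->find($id);
        if (!$company) {
            throw $this->createNotFoundException('Company not found');
        }
        $em->remove($company);
        $em->flush();

        return $this->redirect($this->generateUrl('company_list'));
    }
}
```

Restricting the method does not by itself stop a forged cross-site POST; submitting the delete through a Symfony form with CSRF protection enabled adds that token check.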

Next, you will see that SensioLabs found some duplicate code and TODO comments. Although TODO shouldn’t always be a problem, it clearly indicates your application is not completed yet.

What you will also notice is that Symfony is not up to date. Apparently, I am using an older version in my composer.lock file than the current release. In this case, I am using 2.3.16 while 2.3.17 is already available.
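A local version of this check, as an added example that is not SensioLabs Insight code and not from the original article: it reads the locked versions from composer.lock and compares them with a list of minimum versions that you supply. The function names, the `$minimum` list and the sample lock excerpt are assumptions; the Symfony versions are the ones mentioned above.

```php
<?php
// Added example: a local check for outdated locked packages. It is not
// SensioLabs Insight code; the $minimum list is supplied by you.

// Maps package name => locked version (leading "v" removed) from composer.lock.
function lockedVersions($lockJson)
{
    $lock = json_decode($lockJson, true);
    if (!is_array($lock)) {
        throw new InvalidArgumentException('composer.lock is not valid JSON');
    }
    $versions = array();
    foreach (array('packages', 'packages-dev') as $section) {
        $list = isset($lock[$section]) ? (array) $lock[$section] : array();
        foreach ($list as $package) {
            $versions[$package['name']] = ltrim($package['version'], 'v');
        }
    }
    return $versions;
}

// Returns one message per package that is locked below the wanted version.
function findOutdated(array $locked, array $minimum)
{
    $report = array();
    foreach ($minimum as $name => $wanted) {
        if (!isset($locked[$name])) {
            continue; // package is not installed in this project
        }
        if (!preg_match('/^\d+\.\d+/', $locked[$name])) {
            // Branch versions such as "dev-master" cannot be ordered.
            $report[] = "$name: locked to {$locked[$name]}, cannot compare";
        } elseif (version_compare($locked[$name], $wanted, '<')) {
            $report[] = "$name: locked at {$locked[$name]}, $wanted is available";
        }
    }
    return $report;
}

// Constructed composer.lock excerpt using the versions mentioned in the article.
$lock = '{"packages": [{"name": "symfony/symfony", "version": "v2.3.16"},
                       {"name": "acme/demo", "version": "dev-master"}],
          "packages-dev": [{"name": "phpunit/phpunit", "version": "4.1.3"}]}';
$minimum = array('symfony/symfony' => '2.3.17', 'acme/demo' => '1.0.0');
echo implode("\n", findOutdated(lockedVersions($lock), $minimum)), "\n";
```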

If you are interested in seeing where the problem is located, you can click on an issue, which expands an additional information block.

SensioLabs Insight clearly indicates in which file and on which line the problem can be found. You also get a clearer description of the problem. In the case of the outdated Symfony framework, there is just a description.

If you are working as a team on a project, you can comment on the issue, allowing you to discuss the issue within your team. By clicking open issue, a new issue will be opened in your bug tracker, allowing you to report it to your team. If you feel the item is not an issue, you can easily ignore it. Do note however that you won’t get a platinum badge for ignoring issues.

SensioLabs Insight can check for a lot more issues within your application. The best you can do is to try it out yourself. However, here you have a more extended report I received earlier, indicating my application has some serious issues to deal with.

You will notice that SensioLabs Insight does some checks you know from other QA tools. For example, duplication of code can also be found by PHPCPD, while unused properties can be found by PHPMD. I am uncertain whether SensioLabs Insight leans on these tools or implements these checks itself.

Configuration

So far, we have simply run an analysis on our project. At some point, you might want to exclude certain tests, change the branch or maybe use a database. You are able to configure your project so it meets your criteria. By editing the project, you can indicate the branch to use. You also have a special field in which you can configure, in YAML format, which tools you actually want to run.

For example, this is a piece of the configuration you can use to set up your project.

ignore_branches:
    - gh-pages

pre_composer_script: |
    #!/bin/bash

    cp app/config/parameters.yml.dist app/config/parameters.yml
    sed -i -e "s/database_user:.*/database_user: root/" app/config/parameters.yml
    sed -i -e "s/database_password:.*/database_password: Secr3t/" app/config/parameters.yml

post_composer_script: |
    #!/bin/bash

    ./app/console doctrine:database:create --no-interaction
    ./app/console doctrine:schema:create --no-interaction
    ./app/console doctrine:fixtures:load --no-interaction

php_ini: |
    extension=openssl.so
    extension=mcrypt.so

global_exclude_dirs:
    - vendor
    - vendors
    - test
    - tests
    - Tests
    - spec
    - features
    - Fixtures
    - DataFixtures

exclude_patterns:
    - app/check.php
    - app/SymfonyRequirements.php
    - web/config.php
    - web/app_*.php

rules:
    web.missing_robots_txt:
        enabled: true

Trial

If you are currently developing an open source project, you can freely use SensioLabs Insight. There are some limitations; for example, you can only view the last 5 analyses. SensioLabs was generous enough to share a trial key with us, allowing you to test SensioLabs Insight for one month. All you need to do is register yourself, upgrade your package to whichever one you like and fill in SLI-LD-141S as the coupon code. All you need to do then is add a new project and check the first analysis it runs.

Conclusion

If you read my PHP-CI review, you already noticed that I am really loving this tool. I believe it’s a welcome addition to all the QA tools we know. I think the power of the tool is mostly in the fact that it scans for issues particular to certain frameworks. I can imagine many people forgot to delete some files from the standard Symfony framework, and this tool tracks such cases. However, I think it is also very useful for general PHP projects – there are many checks left unmentioned in this post which SensioLabs Insight will perform on your application.