VIP Code Analysis Bot

For WordPress applications, the VIP Code Analysis Bot (“the Bot”) automatically analyzes code in pull requests made to any branch of a wpcomvip GitHub repository. The Bot helps to maintain the quality of the code submitted and to ensure the security and stability of the WordPress sites hosted on the VIP Platform. 

The Bot is set up to run specific scanners: Vulnerability and Update Scan, PHPCS analysis, PHP linting, and SVG analysis. The Bot also asks internal APIs for data and performs some checks on its own. Results are reported in easily readable GitHub feedback and comments. The Bot can also calculate whether a pull request can be automatically approved.

• By default, the Bot only analyzes repositories that deploy to WordPress environments.
• The Bot’s behavior can be customized and PHPCS scans can be selectively enabled.
• The Bot is triggered and managed by an internal Continuous Integration (CI) software. The Bot is already enabled and configured in all repositories belonging to the wpcomvip GitHub organization; no setup or configuration is required by VIP customers.
• The Bot is a software bundle under active development, maintained by VIP. Suggestions for improvements can be submitted through VIP’s Feedback Portal.