VIP Code Analysis Bot

PHPCS analysis

PHP_CodeSniffer (PHPCS) is a tool that helps software professionals write performant and safe PHP code. PHPCS is an independent utility that scans code against the PHPCS standards specified; multiple such standards exist. Each PHPCS standard is composed of one or more PHPCS sniffs that do the actual identification of issues. The standards used by VIP are designed to reinforce the VIP best practices for writing secure, performant, and future-friendly code.

The VIP Code Analysis Bot is configured to run PHPCS using two standards:

The Bot analyzes all PHP and JavaScript files altered or created in submitted pull requests using PHPCS. PHPCS feedback posted by the Bot pertains only to the altered (or new) sections of each file submitted. Unaltered files will not be analyzed. 

By default the Bot uses the PHPCS severity level of 1, but this and other options are configurable. Specific PHPCS sniffs can also be enabled or disabled.

A more detailed explanation of errors and warnings for each severity level is available for interpreting PHPCS feedback.

An example of feedback from the Bot highlighting errors found by PHPCS scanning

PHPCompatibilityWP PHPCS standard

By default the Bot will ask the PHPCompatibilityWP PHPCS standard to evaluate all code changes against the highest PHP version in use by the environments to which the repository being analyzed deploys. Versions are determined dynamically. The PHPCS run-time option used for this purpose is named testVersion and is provided to PHPCS on the command line during scanning.


Some PHP 8 incompatibilities are not yet detected by the PHPCompatibilityWP standard and its dependencies. The upcoming release version 10.0.0 of the PHPCompatibility standard will remedy this.

Applications running more than one PHP version

Applications on VIP typically include more than one environment, and it is possible for those environments to run different versions of PHP. If an application includes environments that are running both PHP 7.4 and 8.0, the testVersion parameter will be set to 8.0- (the highest PHP version).

Applications only running PHP 7.4

For applications with environments where only PHP version 7.4 is running, testVersion will be set to 8.0- while scanning PHP files that are updated or added by pull requests using the PHPCS PHPCompatibilityWP standard. The purpose of this setting is to prepare applications for the upgrade to PHP 8.0 by helping to identify any incompatibilities in new or altered code due to language changes in PHP 8.0.

Local PHPCS analysis

VIP recommends installing the PHPCS utility locally, and using the PHPCS WordPress-VIP-Go standard. Scanning code locally with PHPCS will allow developers to identify and address issues, and minimize or suppress any remaining errors or warnings, prior to submitting a pull request.

Adding PHPCS scans to a local workflow helps developers learn VIP best practices, leads to better experiences with the Bot, and fewer errors generated on submission to GitHub.
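
A local scan that mirrors the Bot's testVersion choice, as an added example (not VIP's own tooling). The function names, the base-ref argument, and the rule of taking the highest environment PHP version with a floor of 8.0 are assumptions drawn from the two cases described above; PHPCS scans whole files, so it can report more than the Bot posts on a pull request.

```shell
#!/bin/sh
# Added example, not VIP's own tooling. Function names are hypothetical.

# Print the testVersion value for the PHP versions an application's
# environments run: the highest version, never lower than 8.0 (assumption
# generalised from the two cases on this page), plus a trailing "-" meaning
# "this version and later".
php_test_version() {
    highest=$(printf '%s\n' "$@" 8.0 | sort -t. -k1,1n -k2,2n | tail -n 1)
    printf '%s-\n' "$highest"
}

# List PHP files added, copied, modified or renamed relative to a base ref,
# one per line. Unaltered files are skipped, as the Bot skips them.
changed_php_files() {
    git diff --name-only --diff-filter=ACMR "$1"...HEAD -- '*.php'
}

# Usage: scan_changed <base-ref> <php-version>...
# Runs both standards named on this page over the changed files at the
# Bot's default severity of 1. Returns non-zero if either scan finds issues.
scan_changed() {
    base=$1
    shift
    tv=$(php_test_version "$@")
    files=$(changed_php_files "$base")
    if [ -z "$files" ]; then
        echo "No changed PHP files relative to $base"
        return 0
    fi
    (
        # Split the file list on newlines only, without glob expansion.
        IFS='
'
        set -f
        status=0
        phpcs -s --severity=1 --standard=WordPress-VIP-Go $files || status=1
        phpcs -s --severity=1 --standard=PHPCompatibilityWP \
            --runtime-set testVersion "$tv" $files || status=1
        exit "$status"
    )
}
```

After sourcing the file, a call such as scan_changed origin/main 7.4 8.0 (constructed values) scans the branch's changed PHP files with testVersion set to 8.0-.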

Additions cannot be made to the available PHPCS standards, but suggestions for PHPCS standards can be submitted through VIP’s Feedback Portal.

Last updated: September 13, 2022