Skip to content

VIP Code Analysis Bot

PHPCS analysis

PHP_CodeSniffer (PHPCS) is a tool that helps software professionals write performant and safe PHP code. PHPCS is an independent utility that scans code using the PHPCS standards specified, and multiple such standards exist. Each PHPCS standard is composed of one or more PHPCS sniffs that does the actual identification of issues. The standards used by VIP are designed to reinforce the VIP best practices for writing secure, performant, and future-friendly code. 

The VIP Code Analysis Bot is configured to run PHPCS using two standards:

The Bot analyzes all PHP and JavaScript files altered or created in submitted pull requests using PHPCS. PHPCS feedback posted by the Bot pertains only to the altered (or new) sections of each file submitted. Unaltered files will not be analyzed. 

By default the Bot uses the PHPCS severity level of 1, but this and other options are configurable. Specific PHPCS sniffs can also be enabled or disabled.

A more detailed explanation of errors and warnings for each severity level is available for interpreting PHPCS feedback.

Additions cannot be made to the available PHPCS standards, but suggestions for PHPCS standards can be submitted through VIP’s Feedback Portal 

An example of feedback from the Bot highlighting errors found by PHPCS scanning

Local PHPCS analysis

VIP recommends installing the PHPCS utility locally, and using the PHPCS  WordPress-VIP-Go standard. Scanning code locally with PHPCS will allow developers to identify and address issues, and minimize or suppress any remaining errors or warnings, prior to submitting a pull request.

Adding PHPCS scans to a local workflow helps developers learn VIP best practices, leads to better experiences with the Bot, and less errors generated on submission to GitHub.

Last updated: March 25, 2022