PHP (Beta)

This article shows you how to analyze applications written in PHP using preZero. It assumes that you have already set up and authenticated with Qwiet.

Requirements

See Prerequisites for more information.

Analyzing your PHP application

To analyze your PHP application, run:

sl analyze --app <name> --php <path>

| Parameter | Description |
| --- | --- |
| --app <name> | The name of the application to be analyzed (maximum length: 100 characters) |
| --php | The flag identifying the application's language |
| <path> | The path to your project |

See the CLI reference for additional sl analyze options.

Additional parameters

The analysis accepts additional parameters after a double hyphen --.

sl analyze --app <name> --php <path> -- ...

To exclude specific files or directories from the analysis:

sl analyze --app <name> --php <path> -- --exclude <path>

To exclude files or directories based on a regular expression match:

sl analyze --app <name> --php <path> -- --exclude-regex <expression>

Sample usage

sl analyze --app shiftleft-php-example --php .

Tagging results with your branch name

To include the branch name in your preZero results, allowing you to distinguish one set of results from another, add the following to your invocation of Qwiet:

sl analyze --app shiftleft-php-example --php --tag branch=`git symbolic-ref --short HEAD` .

If you're working in a GitHub environment (e.g., GitHub Actions), you can also use --tag branch=${{ github.head_ref }} to populate your branch name.

If you don't provide a branch name, but Qwiet detects one available in your environment, it will use that name.
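
The two branch sources above each have a gap in CI: github.head_ref is only populated on pull request events, and git symbolic-ref fails on a detached HEAD. The wrapper below is an added example, not Qwiet's own code. It reads the branch from the GITHUB_HEAD_REF environment variable instead of inlining the expression into the script, and omits --tag when no usable name is found so that Qwiet's own detection applies. The function names, the SL_BIN override and the character allow-list are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Qwiet's code): choose a value for --tag branch=...

# Print a branch name on stdout, or nothing when none can be determined.
resolve_branch() {
    if [ -n "${GITHUB_HEAD_REF:-}" ]; then
        # Set by GitHub Actions on pull request events; the value is chosen
        # by the contributor, so treat it as untrusted input.
        b=$GITHUB_HEAD_REF
    else
        # Fails on a detached HEAD (typical when CI checks out a commit).
        b=$(git symbolic-ref --short HEAD 2>/dev/null) || b=
    fi
    # Conservative allow-list chosen for this example: an empty name or one
    # with any other character is dropped rather than passed along.
    case $b in
        ''|*[!A-Za-z0-9._/-]*) return 0 ;;
    esac
    printf '%s\n' "$b"
}

# Run `sl analyze` for a PHP project. $1 = app name, $2 = project path.
# SL_BIN is a hypothetical override so the command line can be inspected
# (for example SL_BIN=echo) without invoking the real CLI.
analyze_php() {
    app=$1
    path=$2
    branch=$(resolve_branch)
    set -- analyze --app "$app" --php
    if [ -n "$branch" ]; then
        # Passed as a single quoted argument, never re-parsed by the shell.
        set -- "$@" --tag "branch=$branch"
    fi
    "${SL_BIN:-sl}" "$@" "$path"
}

# Usage: analyze_php shiftleft-php-example .
```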

Troubleshooting

If you have any issues scanning your project, please see our general troubleshooting page.