Code Analysis Tool in Laravel

One of the topics we shared with the community is how to use a code analysis tool in Laravel. On March 16, 2024, from 1:30pm to 5:30pm, we hosted the inaugural Code & Connect: Laravel Cebu 2024, held at the Fullspeed Technologies Inc. office, Unit 1 & 2, 9th Floor HM Tower, W. Geonzon St., Cebu IT Park, Apas, Cebu City.

Code & Connect Laravel Cebu 2024

Before we dive into the tool we use for code analysis in Laravel, we will first discuss the following terminology:

Shift left with Static Code Analysis

  • The term “Shift left” refers to the practice of integrating automated software testing and analysis tools earlier in the software development lifecycle (SDLC).
  • Static analysis is an essential technique for ensuring reliability, security, and maintainability of software applications.
  • It helps developers identify and fix issues early, improve code quality, enhance security, ensure compliance, and increase efficiency.
  • Using static analysis tools, developers can build better quality software, reduce the risk of security breaches, and minimize the time and effort spent debugging and fixing issues.

What is Static Code Analysis

  • Static analysis, also called static code analysis, is a method of computer program debugging that is done by examining the code without executing the program.
  • The process provides an understanding of the code structure and can help ensure that the code adheres to industry standards.
  • Automated tools can assist programmers, developers and software engineers in carrying out static analysis.
  • The software will scan all code in a project to check for vulnerabilities while validating the code.

Whether you are starting a new project or taking over an existing one, one question will always come up: “How do we improve code quality?” That’s why we should use tools to help us write better code. One of those code analysis tools for Laravel is Larastan.

About Larastan

  • Larastan was created by Can Vural and Nuno Maduro and is maintained by Can Vural, Nuno Maduro, and Viktor Szépe.
  • Larastan is a PHPStan wrapper for Laravel.
  • It focuses on finding errors in your code, catching whole classes of bugs even before you write tests for the code.
  • It adds static typing to Laravel to improve developer productivity and code quality.
  • It supports most of Laravel’s beautiful magic.

By definition, “static analysis” doesn’t load any of your application’s code. Larastan, however, boots your application’s container so it can resolve types that can only be computed at runtime. That’s why it uses the term “code analysis” instead of “static analysis”.

How to run Larastan

Prerequisites

  • PHP 8.0+
  • Composer
  • Laravel 9.0+

Note: If you are using a Laravel version older than 9.x, please refer to Larastan v1.x with PHPStan 1.8.x.

Getting started in 3 Steps

Step 1. Install as Development Dependency

Make sure you are in your project directory and execute:

composer require larastan/larastan:^2.0 --dev

Step 2. Configure Larastan

Create a phpstan.neon or phpstan.neon.dist file in the root of your application and add the following configuration:

includes:
    - vendor/larastan/larastan/extension.neon

parameters:
    paths:
        - app/

    # Level 9 is the highest level
    level: 8

Step 3. Code Analysis via Console

And the final step. Execute the static code analyzer:

./vendor/bin/phpstan analyse

If you get the error “Allowed memory size exhausted”, you can use the --memory-limit option to fix the problem:

./vendor/bin/phpstan analyse --memory-limit=2G
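To see what the analyser actually catches at level 8, here is an added illustration (not code from the talk or from the Larastan project). The controller class and route names are assumptions; App\Models\User is the default Laravel skeleton model. Level 8 is the level that reports method calls and property access on nullable types, and Larastan resolves User::find() to `User|null`, so the first method is reported while the two fixes pass:

```php
<?php

// Added illustration, not code from the original post or from Larastan.
// UserEmailController and its method names are assumed; App\Models\User
// is the default Laravel skeleton model. Running
// `./vendor/bin/phpstan analyse` at level 8 against this file reports the
// unsafe method and accepts the two safe ones.

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\JsonResponse;

class UserEmailController extends Controller
{
    // Larastan types User::find($id) as `User|null`. Level 8 flags the
    // property access on a possibly-null value with an error along the
    // lines of "Cannot access property $email on App\Models\User|null."
    // At runtime this is the familiar "Attempt to read property on null"
    // crash whenever an unknown id is requested.
    public function showUnsafe(int $id): JsonResponse
    {
        $user = User::find($id);

        return response()->json(['email' => $user->email]);
    }

    // Fix 1: handle the null branch explicitly and return a 404.
    // After the check PHPStan narrows $user to `User`.
    public function showWithCheck(int $id): JsonResponse
    {
        $user = User::find($id);

        if ($user === null) {
            return response()->json(['error' => 'not found'], 404);
        }

        return response()->json(['email' => $user->email]);
    }

    // Fix 2: findOrFail() is typed as returning `User` (it throws
    // ModelNotFoundException, which Laravel turns into a 404 response),
    // so the analyser knows $user can never be null here.
    public function showOrFail(int $id): JsonResponse
    {
        $user = User::findOrFail($id);

        return response()->json(['email' => $user->email]);
    }
}
```

Running the analyser at level 7 or lower does not report showUnsafe, which is why the level you pick in phpstan.neon decides how much of this class of bug is caught before the code ever runs.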

Rules

All rules that are specific to Laravel applications are listed here with their configurable options.

Rule Levels

PHPStan offers strict checks at 10 levels (0 is the loosest and 9 is the strictest). The default level is 0. Levels are cumulative: for example, running level 5 also gives you all the checks from levels 0-4.

A list of configurable rule levels can be found here.

How to Ignore Errors

Several reasons exist for ignoring errors; to do this, please check PHPStan’s Ignoring Errors documentation.
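As an added example (not part of the original post), this is the phpstan.neon from Step 2 extended with PHPStan's ignoreErrors parameter. Each entry is a regular expression matched against the reported message, optionally narrowed to a path; the controller path is a placeholder for a legacy file you have decided not to fix yet, and the message is the nullable-property error PHPStan emits at level 8 for a User model.

```neon
includes:
    - vendor/larastan/larastan/extension.neon

parameters:
    paths:
        - app/

    level: 8

    # Added example of PHPStan's ignoreErrors parameter (not part of the
    # original post). The message is a regex (single quotes keep the
    # backslashes literal in NEON); the path is a placeholder for a legacy
    # file that is tracked as debt rather than fixed right now.
    ignoreErrors:
        -
            message: '#Cannot access property \$email on App\\Models\\User\|null#'
            path: app/Http/Controllers/LegacyUserController.php

    # When an entry stops matching (for example after the code is fixed),
    # PHPStan reports the stale ignore as an error of its own. Keeping this
    # at its default of true stops the ignore list from silently growing
    # past the errors it was written for.
    reportUnmatchedIgnoredErrors: true
```

Scoping each ignore to a path is the important part: a message-only entry would also hide the same nullable-access bug in every new controller written from now on, which defeats the point of shifting the check left.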

Custom PHPDoc Type

A list of PHPDoc types specific to Larastan can be found here.

Custom PHPStan Configuration

A list of custom configuration parameters that can be used in the PHPStan configuration file can be found here.