Sonar for PHP is on its way

It’s no secret that we at SQLI want to give the PHP world an Open Source full-featured continuous integration system.

As an essential step to this goal in the short term, we are working on enabling the Sonar QA reporting system for PHP projects.

Sebastian Bergmann asked some time ago for this possibility, but he discovered one missing link to complete the chain: some Java plugins to read and integrate PHP reports into Sonar.

Fortunately at SQLI Paris we have a strong Java department and Jérôme Tama volunteered to help in this task, supervised by Frédéric Leroy.

If you look a little into the Sonar WebUI you’ll see that a lot of information is brought in Java projects by the checkstyle plugin.

Unfortunately the possibilities of our analog PHP_CodeSniffer are actually smaller, giving a poorer Sonar report. This was the other missing link, less obvious to see.

The good news is that I was working since a while on “SQLI_CodeSniffer”, a wrapper to PHP_CodeSniffer that adds most of the features needed for a full integration.

So we’ve been able to integrate reports from SQLI_CodeSniffer, PHPUnit with XDebug code coverage, PHP_Depend, and the PHPUnit pmd report (partially added, we plan to switch to the brand new PHPMD).

So today I’ve a nice prototype working on my computer and I want to share some screenshots with you.

On the Dashboard screen you have a rich project overview with a remarkable radar of rules compliance by nature.

On the Components screen you have a view by component with an impressing treemap visualization. Let’s play with it !

You can change the measure represented by the size of rectangles. Let’s choose complexity.

And the measure that gives their color. Let’s choose coverage.

Ok, now I have a synthetic view of the project testing effort areas and priorities to cover that complexity.

Every report in Sonar can be specialized by component:

Now I see an overview for my project controllers.

In the component view I now have details for each class instead.

On the Violations drilldown screen you have detailed statistics about severities of your violations, most violated rules, violations by component and by class.

You can also see violations filtered by categories. You can easely concentrate your improving efforts on certains areas first.

Selecting a file gives you the code details with violations just pointing to the incriminated line: clear!

You can also filter the shown violations.

Switching to the coverage tab gives you the familiar covering visual report, with the numbers on the left indicating how many times your tests passed on the line.

The duplications tabs gives you details about your file code duplications. You can see the duplicated code by expanding the line.

In the Time machine screen you’ll be able to select all of your measures and see their evolution through time. In the greed you can choose for which dates to show figures by selecting them directly or filtering them by events.

In the Hotspots screen you have a nice synthetic view of project priorities: most violated rules, most violating classes, most complex classes and methods, …

I’ve not played enough with the administration part, but just looking at the menu you can imagine the richness: users/groups, global and project roles, defining manual metrics… Let’s just jump into the PHP quality profile.

I choosed the SQLI_CodeSniffer rules (PHP_CHECKSTYLE). I’m able to edit their presence and severity through the Sonar interface. This just let me think about all the times I had applied some good PHP_CodeSniffer standard on projects I was auditing just to discover tenths of thousands errors… What to suggest to developers? How to help them concentrate their effort?

My first impression as a user: Sonar informational richness and reporting quality is so superior to what we’re accustomed to see that this can really represents a jump in usability and in QA everyday practices.

If you like this as much as I do, you’ld probably go and download SQLI_CodeSniffer and search for the Sonar plugins… but please, be patient for a little while.

Development is still in alpha as important changes are coming, the most important being the merge of SQLI_CodeSniffer into PHP_CodeSniffer, and there is no sense in publishing all the work right now.

I’ll talk about all of this in an upcoming post: stay tuned!


  1. I am very happy to see that PHP support in Sonar is not going to be a dream anymore.

    I’d like to give it a try as soon as poissble.

  2. Francois says:

    Great new! Congratulations for this great work. I look forward to the first release. I can imagine a project or two that could benefit from this thing…

  3. Excellent stuff ! If you need help to complete the work, post on the Sonar dev mailing list.

  4. That’s definitely a good news just before starting this new year !! One of the main Sonar team’s priority for 2010 is to cover new languages (Sonar for Flex is also on its way) and the Sonar PHP plugin is certainly one of the most requested plugin :-)

  5. [...] auch bald die Analyse von PHP Quellcode mittels Sonar möglich sein wird. Im entsprechenden Blog Post von Gabriele Santini kann man anhand vieler Screenshots den Stand der Dinge begutachten. It’s no [...]

  6. [...] einem Blog Posting von SQLI durfte ich heute voller Freude lesen, dass bei SQLI daran gearbeitet wird, Sonar auch für [...]

  7. [...] I firstly saw the Sonar interface (look at my previous post for more) I understood that what I had done with SQLI_CodeSniffer could easily be adapted and [...]

  8. [...] et il était impossible d'analyser un projet PHP. Ce temps est en passe d'être révolu grâce à l'arrivée prochaine d'une extension qui permettra d'intégrer les outils liés à l'analyse de la qualité du code qui sont portés [...]

  9. Hugo says:

    Wow impressive ! Can’t wait to test the coming PHP extension :)

  10. Damien says:

    Pouvoir, d’un coup d’oeil, savoir si du code PHP est de qualité ou pas, ça va faire peur à bon nombre de projets !
    Bravo pour le boulot, on a hâte de tester !

  11. Alex B says:

    I’m currently putting together a plan for implementing a CI system for my dev team. Currently trying to decide on what tools to use, for example Bamboo vs Hudson and so on.

    My research has brought me to Sonar and I would be very interested in helping you test the Sonar PHP plugin.

    The good news is I’m sure our source code has a lot of violations in :)

    Thanks for your efforts.

  12. Chris Bryant says:

    It’s nice to see the work going on towards making PHP support in Sonar a reality. I can’t wait to see and test the PHP plugins when they are ready.

    Thanks for taking the time to share your work!

  13. Cédric says:

    Je travaille au développement d’un CMS open-source PHP et je suis très intéressé par ce plugin pour gérer le code via Sonar. J’ai une expérience dans le Java et j’ai pu voir la puissance de ce système d’intégration continue.

    J’ai d’ors et déjà essayé d’installer le plugin pour tester mais je bloque sur l’écriture du pom.xml (pour lancer le ‘mvn sonar:sonar’ sur le projet php), je ne suis pas très calé en Maven ! Quelqu’un aurait-il un fichier exemple à partager ? Merci d’avance ! Et félicitations pour cette enthousiasmante initiative !

  14. Actually, can we (at Sonar) help at all on this ? Let us know on the dev mailing list

  15. Alex says:

    Any news on that topic ?
    We would be really interested in the capacity for Sonar to analyse PHP code too.

  16. blacksun says:

    Thank you for your interest and sorry for my silence till now
    @Jean-Marc Fontaine, @Chris Bryant: definitely a reality and not a dream, just hope it’ll not deceive you like dreams coming reality do sometimes ;-)
    @François: Thank you, I hope to release a production version soon
    @Damien: C’est bien là que je veux en venir…
    @Olivier: just thank you for all your support these last weeks
    @Alex B: Are you still interested? You’re help is welcome now
    @Alex: sooner than you think?

  17. Alex B says:

    Hi, yes still very interested.

    I went for using the Atlassian suite of tools in the end, at $50-$60 for our small team it seemed like a good place to start.

    One of our 4 products now has a Bamboo CI server running builds using Phing and quite a number of tools (phpcpd, phpmd, phpunit etc etc).

    I have also started on trying to carve out our own PHP_CodeSniffer set of standards that at least vaguely follow our “normal” code patterns. Unfortunately it still needs a lot of reduction as the violations are in the tens of thousands.

    Feel free to contact me if you have something you want us to try out.



  18. Aurélien GALPIN says:

    J’aimerais savoir comment peut on ajouter des nouvelles règles avec ce plugin, (par defaut j’ai 95 rules PHPCodeSniffer +12 rules PHPMD) avec le standard GN de SQLI_cs
    J’aimerais bien ajouter des règles du standard ZF par exemple.

    Comment faire ?

    I would add some rules to PHP plugin (default 95 rulesPHPcs and 12 rules PHPMD) with standard coding GN (SQLI_cs)
    I would like add a few rules from standard coding ZF for example.
    How to install ?

  19. Cédric says:


    is there any release to test? I dreamed of this kind of tool for year! And I have a lot of code base to test it :-)


  20. Cédric says:

    Si un testeur/développeur PHP connaissant d’autres langages peut aider, j’ai de quoi donner à moudre à Sonar, et pas que du code propre (mais un peu quand même :-) )

  21. Dubuisson Isabelle says:


    Avant tout bravo pour votre initiative et tous nos encouragements.
    Nous avons essayés d’installer le plugin, mais sans succès (sûrement un problème de configuration du pom.xml). Pourriez-vous nous communiquer un fichier zip d’exemple ?

    Merci infiniment

    Isabelle Dubuisson

  22. Uma Shankar says:

    Hi Guys,

    I am using sonar for analyzing the php project. For me sonar is working fine, but source code is not displaying at the violation drilldown section. it just displays the violation.

    Can anyone please help me out for this?

Leave a Reply