The document discusses the importance and methods of static analysis in software development, contrasting it with dynamic analysis and emphasizing its role in identifying errors before program execution. It highlights the use of Exakat, a tool for static analysis that operates within Docker, allowing for code reviews and compatibility checks across different PHP versions. Additionally, the document outlines various commands and configurations for using Exakat to generate customized reports and perform comprehensive code analysis.

1. @danaluther
How to analyze your codebase
with Exakat using Docker
Static analysis for everyone
https://joind.in/talk/b32c9

2. @danaluther
Static Analysis
What is it and why do we need it?

3. @danaluther
Static Analysis
What is it and why do we need it?
• Dynamic Analysis - Performed while the program is running

4. @danaluther
Static Analysis
What is it and why do we need it?
• Dynamic Analysis - Performed while the program is running
• Unit / Functional / Acceptance Tests

5. @danaluther
Static Analysis
What is it and why do we need it?
• Dynamic Analysis - Performed while the program is running
• Unit / Functional / Acceptance Tests
• Static Analysis - Performed before running the program

6. @danaluther
Static Analysis
What is it and why do we need it?
• Dynamic Analysis - Performed while the program is running
• Unit / Functional / Acceptance Tests
• Static Analysis - Performed before running the program
• Analyze as part of the development cycle before unit tests are run

7. @danaluther
Static Analysis
What is it and why do we need it?
• Dynamic Analysis - Performed while the program is running
• Unit / Functional / Acceptance Tests
• Static Analysis - Performed before running the program
• Analyze as part of the development cycle before unit tests are run
• Can catch errors and vulnerabilities that may be overlooked by Unit Tests

8. @danaluther
Static Analysis
What is it and why do we need it?
• Dynamic Analysis - Performed while the program is running
• Unit / Functional / Acceptance Tests
• Static Analysis - Performed before running the program
• Analyze as part of the development cycle before unit tests are run
• Can catch errors and vulnerabilities that may be overlooked by Unit Tests
• Identify patterns in the code

9. @danaluther
Popular Options for Static Analysis
Standalone and Integrated Options
• Exakat - https://www.exakat.io/en/
• PHPStan - https://phpstan.org/
• Psalm - https://psalm.dev/
• PHP_CodeSni
ff
er - https://github.com/squizlabs/PHP_CodeSni
ff
er
• PhpStorm Inspections - https://www.jetbrains.com/help/phpstorm/code-
inspection.html

10. @danaluther

11. @danaluther
Take it with a grain of salt…
function ex_mysql_unbuffered_query($query, $dbh)
{
if (!$this
-
>
use_mysqli)
{
return mysql_unbuffered_query($query, $dbh);
}
return mysqli_query($dbh, $query, MYSQLI_USE_RESULT);
}

12. @danaluther
Why Exakat?
Community version with multiple report options
https://github.com/exakat/exakat

13. @danaluther
Why Exakat?
Community version with multiple report options
• Analyze once, generate multiple reports
https://github.com/exakat/exakat

14. @danaluther
Why Exakat?
Community version with multiple report options
• Analyze once, generate multiple reports
• Multiple PHP version compatibility reports
https://github.com/exakat/exakat

15. @danaluther
Why Exakat?
Community version with multiple report options
• Analyze once, generate multiple reports
• Multiple PHP version compatibility reports
• Option for visual representation of the analysis
https://github.com/exakat/exakat

16. @danaluther
Why Exakat?
Community version with multiple report options
• Analyze once, generate multiple reports
• Multiple PHP version compatibility reports
• Option for visual representation of the analysis
• Option for customized reports
https://github.com/exakat/exakat

17. @danaluther
Damien Seguy
@faguo
• https://www.exakat.io/en/bonjour/
• All the elePHPants

18. @danaluther
Why Docker?
No additional local code installation required!
• Exakat o
ffi
cial image requires no lengthy local install.
• Exakat public repo allows for quickly generating the latest versions.

19. @danaluther
Get the Exakat Docker image
https://hub.docker.com/r/exakat/exakat
> docker image pull exakat/exakat

20. @danaluther
Confirm the docker container runs
> docker container run
-
-
rm exakat/exakat exakat version

21. @danaluther
Confirm the configuration options
> docker container run
-
-
rm exakat/exakat exakat doctor

22. @danaluther
Time to Analyze!
https://github.com/DanaLuther/yii2-swivel

23. @danaluther
Create Project Report Docker Volume
Create the local directory that you want to store your project
fi
les in
> mkdir
-
p /Users/danaluther/Repos/exakat_y2s

24. @danaluther
Create Project Report Docker Volume
Create a docker volume that points to the directory which was just created
> docker volume create exakat_y2s
-
-
opt type=none
-
-
opt o=bind
-
-
opt device=/Users/danaluther/Repos/exakat_y2s

25. @danaluther
Create Project Report Docker Volume
Con
fi
rm the volume was created properly
> docker volume inspect exakat_y2s

26. @danaluther
Customize exakat ini
https://exakat.readthedocs.io/en/latest/User/Con
fi
guration.html
• Command line options
• The .exakat.ini
fi
le at source code root
• The con
fi
g.ini
fi
le in the project directory
• The exakat.ini
fi
le in the con
fi
g directory
• Default values within the code (.exakat.yaml)

27. @danaluther
Command line options
https://exakat.readthedocs.io/en/latest/Administrator/Commands.html

28. @danaluther
Command line options
https://exakat.readthedocs.io/en/latest/Administrator/Commands.html

29. @danaluther
config.ini - Available Options
https://exakat.readthedocs.io/en/latest/User/Con
fi
guration.html

30. @danaluther
exakat.ini
https://github.com/exakat/exakat-docker/blob/master/con
fi
g/exakat.ini

31. @danaluther
.exakat.yaml
https://exakat.readthedocs.io/en/latest/User/Con
fi
guration.html

32. @danaluther
Additional configuration options
https://exakat.readthedocs.io/en/latest/User/Con
fi
guration.html

33. @danaluther
Run Exakat init
exakat init -p <your project name> -R <path/to/the/code> -copy
> docker container run
-
-
rm
-
v exakat_y2s:/usr/src/exakat/projects
-
v $(PWD):/usr/src/exakat/projects/volume_src
exakat/exakat exakat init
-
p Yii2Swivel
-
v
-R /usr/src/exakat/projects/volume_src/
-
copy

34. @danaluther

35. @danaluther
Verify Initialization in the Exakat folder

36. @danaluther
Run Exakat project
From the project source directory
> docker container run
-
-
rm
-
v exakat_y2s:/usr/src/exakat/projects
-
v $(PWD):/usr/src/exakat/projects/volume_src
exakat/exakat exakat project
-
p Yii2Swivel
-
v

37. @danaluther
View Generated Report
Files have been generated in our permanent exakat_y2s folder

38. @danaluther

39. @danaluther

40. @danaluther
Compatibility Report
PHP Version Compatibility Analysis

41. @danaluther
Compatibility Report
PHP Version Compatibility Analysis

42. @danaluther

43. @danaluther

44. @danaluther

45. @danaluther

46. @danaluther

47. @danaluther

48. @danaluther
Fixes
php-cs-
fi
xer

49. @danaluther
Fixes
Rector

50. @danaluther
Inventories
appinfo()

51. @danaluther
Inventories
appinfo()

52. @danaluther
Dead Code report
… taken with a grain of salt

53. @danaluther
Dead Code report
… taken with a grain of salt

54. @danaluther

55. @danaluther
Dead Code report
… taken with a grain of salt

56. @danaluther
Dead Code report
… taken with a grain of salt

57. @danaluther
Dead Code report
… taken with a grain of salt

58. @danaluther
Customize reports
https://exakat.readthedocs.io/en/latest/Administrator/Commands.html#report
> docker container run
-
-
rm
-
v exakat_y2s:/usr/src/exakat/projects
-
v $(PWD):/usr/src/exakat/projects/volume_src
exakat/exakat exakat report
-
p Yii2Swivel
-
format Codesniffer
-
v

59. @danaluther

60. @danaluther
Customize reports
Dependency Wheel Report
> docker container run
-
-
rm
-
v exakat_y2s:/usr/src/exakat/projects
-
v $(PWD):/usr/src/exakat/projects/volume_src
exakat/exakat exakat report
-
p Yii2Swivel
-
format DependencyWheel
-
v

61. @danaluther

62. @danaluther

63. @danaluther

64. @danaluther
Customize reports
Dependency Wheel Report
> docker container run
-
-
rm
-
v exakat_y2s:/usr/src/exakat/projects
-
v $(PWD):/usr/src/exakat/projects/volume_src
exakat/exakat exakat report
-
p Yii2Swivel
-
format owasp
-
v

65. @danaluther

66. @danaluther

67. @danaluther
Persistent Report Directory
Reports stored in their unique folders by default

68. @danaluther
Customize reports
Migration80
> docker container run
-
-
rm
-
v exakat_y2s:/usr/src/exakat/projects
-
v $(PWD):/usr/src/exakat/projects/volume_src
exakat/exakat exakat report
-
p Yii2Swivel
-
format Migration80
-
v

69. @danaluther

70. @danaluther

71. @danaluther

72. @danaluther

73. @danaluther

74. @danaluther
Migration80 Output
Suggestions - Detail

75. @danaluther
Other output options?
Yes! There are many, many options to choose from.
• https://exakat.readthedocs.io/en/latest/Reference/Reports.html#list-of-
reports

76. @danaluther
Exakat for GitHub Actions
https://hub.docker.com/r/exakat/exakat-ga

77. @danaluther
Upcoming Exakat Features
Cobbler - https://exakat.readthedocs.io/en/latest/User/Cobbler.html

78. @danaluther
Questions??
Ask now or tweet at me if you think of it later!
https://www.linkedin.com/in/danaluther
dluther@envisageinternational.com
https://joind.in/talk/b32c9
🤔
?
? ?
?