<img alt="" src="https://secure.leadforensics.com/150446.png " style="display:none;">
Go to top icon

Magento 2 Static Code Analysis

Pravin Patil Oct 22, 2018

PHP Magento Static code

Quality of code plays an important role in application’s security, stability, and maintainability. There are different tools available to test the code quality and ensure that it is set to a high standard. Static analysis is one of the methods to check code quality without running the actual application and before it goes into production. Static code analysis helps us educate developers to produce high-quality code.

Benefits of static code analysis tools:

  • Identify issues during the development phase
  • Find weaknesses in the code
  • Detect code that needs to be refactored
  • Check code syntax
  • Achieve quality goals
  • Identifying vulnerabilities
  • Suggest how to improve performance

I used below tools to analyze the code written with Magento 2 and used ‘Phing’ build tool to automate this process.


Phing is a PHP project build system or build tool based on Apache Ant. It uses simple XML to define targets to execute.
Ref Link: https://www.phing.info/


PHPLoc is a tool for quickly measuring the size and analyzing the structure of a PHP project.
Ref Link: https://github.com/sebastianbergmann/phploc


PHPLint is a tool that can speed up the lint process of PHP files by running several lint processes at once.

PHPCS (Magento Coding standards)

Magento 2 EQP Coding Standard is a set of rules and sniffs for PHP_CodeSniffer tool.
Ref Link: https://github.com/magento/marketplace-eqp


PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well-known Java tool PMD.
Ref Link: https://phpmd.org/


PHPCPD is a Copy/Paste Detector (CPD) for PHP code.
Ref Link: https://github.com/sebastianbergmann/phpcpd


PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks.
Ref Link: https://phpunit.de/


phpDox is a documentation generator for PHP projects. This includes, but is not limited to, an API documentation. The main focus is on enriching the generated documentation with additional details like code coverage, complexity information and more.
Ref Link: http://phpdox.de/

I used Ubuntu 16.04 to execute static code analysis. Please make sure that all the above tools are installed. You can download the PHAR file and keep under /usr/local/bin directory.

Follow below steps to install PHP tools:

$ wget https://phar.phpunit.de/phpcpd.phar
$ chmod +x phpcpd.phar
$ mv phpcpd.phar /usr/local/bin/phpcpd

For PHPCS you can download complete package from https://github.com/magento/marketplace-eqp and extract into /opt folder.

Now write the build.xml with targets run using phing command and generate different code analysis reports. You can download the sample <<build.xml>> file using and <<phpdox.xml>> and copy into your Magento root folder.


Code Coverage:

PHP DocBlock (API Documentation):


e-Zest is a leading digital innovation partner for enterprises and technology companies that utilizes emerging technologies for creating engaging customers experiences. Being a customer-focused and technology-driven company, it always helps clients in crafting holistic business value for their software development efforts. It offers software development and consulting services for cloud computing, enterprise mobility, big data and analytics, user experience and digital commerce.