Table of contents
Exacte Introduction
Exakat is a powerful, open-source tool for static code analysis of PHP projects. It is designed to help developers and teams improve the quality, security and performance of their PHP code. Exakat supports all PHP versions from 5.2 to 8 and offers a comprehensive analysis that goes far beyond simple syntax checks.
With over 500 built-in rules and the ability to create custom rules, Exakat covers a wide range of code quality aspects. It can identify potential bugs, security vulnerabilities, performance issues and violations of best practices. It also offers recommendations for code improvement and supports developers in complying with coding standards.
A special feature of Exakat is its ability to understand the context of the code. It not only analyses individual files, but looks at the entire project to uncover complex relationships and potential problems that might be missed if looked at in isolation.
Installation and setup
Exakat can be installed in different ways, depending on your preferences and operating system. Here are the most common methods:
Docker (recommended for easy installation):
docker pull exakat/exakat
Phar archive:
Download the latest version from the official website:
wget https://www.exakat.io/versions/exakat-latest.phar
chmod +x exakat-latest.phar
mv exakat-latest.phar /usr/local/bin/exakat
Composer (for developers):
composer global require exakat/exakat
After the installation you can check the successful setup:
exakat version
Exakat requires some additional dependencies for full functionality:
- PHP 7.2 or higher (for the execution of Exakat itself)
- Graphviz (for the generation of diagrams)
- Git (for analysing repositories)
It is important to note that Exakat is able to analyse code for all PHP versions from 5.2 to 8, regardless of the PHP version under which Exakat itself is running.
Configuration and customisation
Exakat is mainly configured via the config.ini file in the project directory. Here you can customise various aspects of the analysis:
Project settings:
project_name = "Mein PHP Projekt"
project_url = "https://github.com/mein/projekt"
PHP version:
php_version = 7.4
Analysis rules:
rulesets[] = 'Security'
rulesets[] = 'Performances'
rulesets[] = 'Analyze'
Ignored directories:
ignore_dirs[] = '/test'
ignore_dirs[] = '/vendor'
Exakat also offers the option of creating customised rules. This is done by writing PHP classes that use the Exakat API. For example:
<?php
namespace Vendor\Exakat\Analyser\Structures;
use Exakat\Analyzer\Analyzer;
class MyCustomRule extends Analyzer {
public function analyze() {
$this->atomIs('Function')
->outIs('NAME')
->codeIs('mySpecialFunction');
$this->printQuery();
$this->prepareQuery();
}
}
These customisation options allow you to tailor Exakat precisely to the needs and standards of your project.
Use of Exakat
Exakat offers a variety of commands for different analysis scenarios. Here are some of the most important commands and how to use them:
Initialise project:
exakat init -p myproject
This command creates a new project structure for the analysis.
Analyse code:
exakat project -p myproject
Carries out a complete analysis of the project.
Apply specific rules:
exakat analyze -p myproject -T Security,Performance
Analyses the project only with the specified rule sets.
Generate report:
exakat report -p myproject -format HTML -file myreport.html
Creates a detailed HTML report of the analysis results.
Check code quality:
exakat stat -p myproject
Shows statistical information about the analysed code.
Recommendations for upgrades:
exakat upgrade -p myproject -v 8.0
Gives recommendations for upgrading to PHP 8.0.
Incremental analysis:
exakat update -p myproject
Updates the analysis based on the latest code changes.
These commands can be integrated into your development workflow to perform regular code reviews. It is recommended to use Exakat both during development and before major releases to identify and fix potential problems early.
Integration in CI/CD-Pipelines
The integration of Exakat in CI/CD pipelines enables continuous monitoring of code quality. Here is an example of the integration in GitLab CI:
exakat_analysis:
image: exakat/exakat:latest
script:
- exakat init -p ${CI_PROJECT_NAME} -git ${CI_REPOSITORY_URL}
- exakat project -p ${CI_PROJECT_NAME}
- exakat report -p ${CI_PROJECT_NAME} -format codeclimate -file codeclimate.json
artifacts:
reports:
codequality: codeclimate.json
For GitHub Actions, the configuration could look like this:
name: Exakat Analysis
on: [push, pull_request]
jobs:
exakat:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Exakat Analysis
uses: docker://exakat/exakat:latest
with:
args: init -p ${{ github.repository }} -git ${{ github.repository }}
- name: Run Exakat
uses: docker://exakat/exakat:latest
with:
args: project -p ${{ github.repository }}
- name: Generate Report
uses: docker://exakat/exakat:latest
with:
args: report -p ${{ github.repository }} -format codeclimate -file codeclimate.json
- name: Upload Artifact
uses: actions/upload-artifact@v2
with:
name: exakat-report
path: codeclimate.json
These integrations allow code quality checks to be performed automatically with every push or pull request, which helps to maintain high code standards.
Reach our PHP Consultant specialists
We are experts in PHP and help you to master your digital challenges. Our experienced team supports you with PHP updates, PHP refactoring and advises you remotely on all questions relating to PHP. With our fully automated CI/CD deployments and a robust Docker infrastructure, we take your PHP projects to the next level. Rely on our expertise for reliable and scalable PHP solutions.
Frequently asked questions (FAQ)
Can Exakat handle legacy code?
Yes, Exakat supports PHP versions from 5.2 to 8, which makes it ideal for analysing legacy projects.
How does Exakat differ from other static analysis tools such as PHPStan or Psalm?
Exakat offers a more comprehensive analysis that goes beyond pure type testing. It takes the entire project context into account and offers recommendations for improvements.
Can I integrate Exakat into my existing development processes?
Absolutely. Exakat can be easily integrated into CI/CD pipelines, IDEs and version control systems.
How does Exakat deal with false positives?
Exakat offers options to ignore or customise certain warnings. The tool is also continuously improving its detection algorithms to minimise false positives.
Does Exakat support custom coding standards?
Yes, you can define your own rules and integrate them into the analysis.
How often should I run Exakat in my project?
It is recommended to run Exakat with every commit, but at least before every release.
Can Exakat help with the preparation of PHP upgrades?
a, Exakat provides special analyses and reports to help you prepare your code for upgrades to newer PHP versions.
How resource-intensive is the execution of Exakat?
The resource requirements depend on the size of the project. For large projects, the analysis can take some time, but Exakat offers options for incremental analyses.
Does Exakat support the analysis of frameworks such as Laravel or Symfony?
Yes, Exakat contains special rules and analyses for common PHP frameworks.
Can Exakat help with the documentation of my code?
Yes, Exakat can identify documentation gaps and make suggestions for improving the code documentation.
Conclusion
Exakat is a comprehensive and powerful tool for static code analysis in PHP projects. It offers in-depth analysis that goes far beyond simple syntax checks and helps developers to write high-quality, secure and efficient code. With support for all PHP versions from 5.2 to 8, it is suitable for both modern and legacy projects.
Exakat's strength lies in its ability to understand the entire project context and analyse complex code relationships. This makes it possible to uncover problems that might be overlooked by analysing individual files in isolation. The extensive customisation options and easy integration into existing development processes make Exakat a valuable tool for developers and teams of all sizes.
By using Exakat, developers can not only improve the quality of their code, but also save time by identifying and fixing potential problems early on. This leads to more robust, maintainable and secure PHP applications in the long term.
Further resources
Offizielle Exakat-Dokumentation
Exakat Blog mit aktuellen Tipps und Tricks
Exakat Online-Demo zum Testen ohne Installation
Exakat picture gallery
The Exakat image gallery offers insights into the functions and user interface of this powerful tool for static code analysis for PHP. The images shown provide an overview of how Exakat works and illustrate how developers can improve their code in terms of quality, security, performance and maintainability.
Ein Screenshot von Exakat, der zwei Code-Analyseberichte anzeigt. Im oberen Bereich wird ein PHP-If-Else-Ausdruck hervorgehoben, der die Illusion einer Wahl enthält, da beide Alternativen identisch sind. Daneben ist eine Erklärung sowie ein Link zur betroffenen Datei zu sehen.
Das Exakat-Dashboard mit einer Projektübersicht. Zeigt die Anzahl der PHP-Dateien, analysierten Zeilen Code und eine grafische Aufschlüsselung von Problemen nach Kategorien wie Code Smells, Dead Code, Performance und Sicherheit. Balkendiagramme visualisieren die Verteilung der Probleme.
