The quality of your code is as important as testing your application. Recently, we have seen multiple articles which hopefully helped you on your way to providing a more stable application. Today, we are going to have a closer look at SensioLabs Insight. If you used Symfony or Silex in the past, you are probably familiar with SensioLabs, since they are the main sponsor of the Symfony framework.
What is SensioLabs Insight?
SensioLabs Insight is a quality assurance tool which can be used to determine the quality of your code. You are probably already aware of QA tools like PHPMD, PHPCPD and PHPUnit, for example. Although SensioLabs Insight has some similar checks, it also does much more. Do note, however, that SensioLabs Insight does not run on your local environment, but rather as a service by SensioLabs.
As of this writing, it has 99 checkpoints it scans for. It scans for everything from simple things like TODO: within your code to security issues and performance flaws. You can see a complete list of what they analyze on this page.
In general, your PHP files will be checked. Next to that, it’s also capable of checking for malformed XML or YAML files, potential risks within HTML files and if your composer.lock is up to date. Since this tool is part of SensioLabs, it is of course capable of checking your Symfony and Silex projects. For these kinds of projects, extra checkpoints are added to see if the Symfony config.php file is removed and if the favicon has been changed. However, SensioLabs is also able to check your Laravel, Drupal or any general PHP project.
In the end, it’s a complete tool which probably reports more feedback to you than you would imagine at first. Let’s set up our first project and check out an analysis.
Prepare your project
Before we can analyse our first project, we need to create an account on SensioLabs Connect first. After that, we can prepare our project. If your project is open source and you don’t mind the analysis becoming public, you can freely use SensioLabs Insight. You are only limited to certain features which you can see on their pricing page. If you are working on a private project or you collaborate with other developers, you need to upgrade to a paid plan.
After you have chosen a plan, you can create a new project by providing a link to your private git repository or to any provider like GitHub or Bitbucket.
After clicking the analyse button, SensioLabs Insight will immediately start to check your application for flaws.
Analyse your project
Let’s have a look at some analysis. For that, I am using an open source project named Jumph. Jumph is a Symfony 2 project which has already been around for a couple of months, so the example below was taken after I had already fine-tuned the Symfony framework.
SensioLabs Insight works with a medal system. Depending on how many issues are found and how heavy the issues are, you are given a certain medal. The best medal you can get is a platinum medal, indicating SensioLabs Insight was unable to detect any problems.
Based on the issues, it also tries to determine how much work you have left to complete the issues. In my case, it should take me more than 4 days to get everything resolved. From experience, I can tell you that it won’t take you that much time.
Let’s move on to the most important part: the issues. In my case, you will see that I’m modifying a resource through a GET request. SensioLabs Insight suggests changing it to a POST, PUT or DELETE request.
Next, you will see that SensioLabs found some duplicate code and TODO comments. Although TODO shouldn’t always be a problem, it clearly indicates your application is not completed yet.
What you will also notice is that Symfony is not up to date. Apparently, I am using an older version in my composer.lock file than the current release. In this case, I am using 2.3.16 while 2.3.17 is already available.
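The check described above can be reproduced locally. The following is an added example, not SensioLabs Insight's own code: it reads the `packages` and `packages-dev` sections of a composer.lock file and reports every pinned version that falls below a minimum you set. The lock file excerpt and the `MINIMUM` policy are constructed for illustration; only the Symfony 2.3.16 and 2.3.17 versions come from the article.

```python
import json

# Constructed composer.lock excerpt: only the fields this check reads.
SAMPLE_LOCK = """
{
  "packages": [
    {"name": "symfony/symfony", "version": "v2.3.16"},
    {"name": "doctrine/orm", "version": "v2.4.4"}
  ],
  "packages-dev": [
    {"name": "phpunit/phpunit", "version": "3.7.37"},
    {"name": "acme/tools", "version": "dev-master"}
  ]
}
"""

# Assumed policy: lowest acceptable release per package. The Symfony value is
# the release the article names; the other entries are made up for the sample.
MINIMUM = {
    "symfony/symfony": "2.3.17",
    "phpunit/phpunit": "3.7.0",
    "acme/tools": "1.0.0",
}


def parse_version(text):
    """Turn 'v2.3.16' into (2, 3, 16); return None for branch pins."""
    # Simplification: pre-release and build suffixes are dropped, not ranked.
    core = text.lstrip("vV").split("-")[0].split("+")[0]
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    parts += ["0"] * (3 - len(parts))
    return tuple(int(p) for p in parts)


def outdated_packages(lock_text, minimum):
    """Return (name, locked, required, section) for each pin below policy."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:  # section may be absent or null
            name, locked = pkg.get("name"), pkg.get("version", "")
            if name not in minimum:
                continue
            have, need = parse_version(locked), parse_version(minimum[name])
            # A branch pin such as dev-master cannot be shown to be patched,
            # so it is reported instead of silently passing.
            if have is None or have < need:
                findings.append((name, locked, minimum[name], section))
    return findings


if __name__ == "__main__":
    for name, locked, required, section in outdated_packages(SAMPLE_LOCK, MINIMUM):
        print(f"{section}: {name} locked at {locked}, need >= {required}")
```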
If you are interested in seeing where the problem is located, you can click on a certain issue, which expands an additional information block.
SensioLabs Insight clearly indicates in which file and on which line the problem can be found. You also get a clearer description of the problem. In the case of the outdated Symfony framework, there is just a description.
If you are working as a team on a project, you can comment on the issue, allowing you to discuss the issue within your team. By clicking "open issue", a new issue will be opened in your bug tracker, allowing you to report it to your team. If you feel the item is not an issue, you can easily ignore it. Do note however that you won’t get a platinum badge for ignoring issues.
SensioLabs Insight can check for a lot more issues within your application. The best you can do is to try it out yourself. However, here you have a more extended report I received earlier, indicating my application has some serious issues to deal with.
You will notice that SensioLabs Insight does some checks you know from other QA tools. For example, duplication of code can also be found by PHPCPD, while unused properties can be found by PHPMD. I am uncertain if SensioLabs Insight leans on these tools or implements the checks itself.
So far we just simply ran an analysis on our project. At some point, you might want to exclude certain tests, change branch or maybe use a database. You are able to configure your project so it meets your criteria. By editing the project, you can indicate the branch to use. You also have a special field in which you can configure in YAML format which tools you actually want to run.
For example, this is a piece of the configuration you can use to set up your project.
cp app/config/parameters.yml.dist app/config/parameters.yml
sed -i -e "s/database_user:.*/database_user: root/" app/config/parameters.yml
sed -i -e "s/database_password:.*/database_password: Secr3t/" app/config/parameters.yml
./app/console doctrine:database:create --no-interaction
./app/console doctrine:schema:create --no-interaction
./app/console doctrine:fixtures:load --no-interaction
If you are currently developing an open source project, you can freely use SensioLabs Insight. There are some limitations; for example, you can only view the last 5 analyses. SensioLabs was generous enough to share a trial key with us, allowing you to test SensioLabs Insight for one month. All you need to do is register, upgrade your package to whichever one you like and fill in SLI-LD-141S as the coupon code. All you need to do then is add a new project and check the first analysis it runs.
If you read my PHP-CI review, you already noticed that I am really loving this tool. I believe it’s a welcome addition to all the QA tools we know. I think the power of the tool is mostly in the fact that it scans for framework-specific issues. I can imagine many people forgot to delete some files from the standard Symfony framework, and this tool tracks such cases. However, I think it is also very useful for general PHP projects – there are many checks left unmentioned in this post which SensioLabs Insight will perform on your application.
If you are using the trial coupon code, share with us in the comments your experiences with SensioLabs Insight. Did it blow you away or did you immediately receive the platinum medal? I would love to hear from you in the comments below.
Frequently Asked Questions (FAQs) about SensioLabs Insight and Code Quality
What is SensioLabs Insight and how does it help in improving code quality?
SensioLabs Insight is a quality assurance tool that provides in-depth analysis of your project’s code. It scrutinizes the code for any potential issues, including security vulnerabilities, performance problems, and coding standards violations. The tool provides a detailed report highlighting the areas of concern and suggesting improvements. This helps developers to maintain high-quality code, reduce technical debt, and ensure the application’s robustness and reliability.
How does SensioLabs Insight differ from other code quality tools?
SensioLabs Insight stands out from other code quality tools due to its comprehensive analysis capabilities. It not only checks for coding standards and best practices but also looks for security vulnerabilities, architecture-related issues, and performance problems. It provides actionable recommendations to improve the code quality, making it a valuable tool for developers and teams aiming for excellence in their projects.
Can SensioLabs Insight be integrated with other development tools?
Yes, SensioLabs Insight can be integrated with various development tools and environments. For instance, there’s a plugin available for JetBrains PhpStorm that allows developers to run Insight analysis directly from the IDE. This seamless integration enhances the development workflow and makes it easier to maintain high-quality code.
How does SensioLabs Insight help in identifying security vulnerabilities?
SensioLabs Insight has a robust security analysis feature. It scans the code for common security vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). It also checks for the use of outdated or insecure libraries. By identifying these vulnerabilities early in the development process, Insight helps in building secure applications.
What is the role of SensioLabs Insight in Symfony development?
SensioLabs Insight is particularly beneficial for Symfony development. It checks for Symfony-specific best practices and coding standards, ensuring that the application adheres to the framework’s conventions. It also identifies any potential issues with the use of Symfony components and bundles, helping developers to get the most out of the framework.
How does SensioLabs Insight contribute to reducing technical debt?
Technical debt refers to the future cost of reworking and fixing the issues in the code that were not addressed initially. SensioLabs Insight helps in reducing technical debt by identifying these issues early in the development process. It provides a detailed report of the code’s quality, highlighting the areas that need improvement. By addressing these issues promptly, developers can avoid the accumulation of technical debt.
Can SensioLabs Insight analyze code written in languages other than PHP?
While SensioLabs Insight is primarily designed for PHP projects, it can also analyze code written in other languages to some extent. However, for a comprehensive analysis of non-PHP code, other tools might be more suitable.
How does SensioLabs Insight help in improving code performance?
SensioLabs Insight checks for common performance issues such as inefficient database queries, unnecessary computations, and memory leaks. It provides recommendations to optimize the code, helping in building fast and responsive applications.
Can SensioLabs Insight be used for continuous integration?
Yes, SensioLabs Insight can be integrated into the continuous integration pipeline. It can analyze the code with each commit, ensuring that the code quality is maintained throughout the development process.
Is SensioLabs Insight suitable for large projects?
SensioLabs Insight is designed to handle projects of all sizes. It can analyze large codebases efficiently, making it a suitable tool for both small and large projects.