PHPackages                             dave-liddament/sarb - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Testing &amp; Quality](/categories/testing)
4. /
5. dave-liddament/sarb

ActiveProject[Testing &amp; Quality](/categories/testing)

dave-liddament/sarb
===================

Provides tools for baselining static analysis results and comparing against that baseline

1.10.0(1y ago)1651.4M—4.9%17[1 issues](https://github.com/DaveLiddament/sarb/issues)MITPHPPHP &gt;=8.0 &lt;8.5CI passing

Since Nov 28Pushed 3mo ago4 watchersCompare

[ Source](https://github.com/DaveLiddament/sarb)[ Packagist](https://packagist.org/packages/dave-liddament/sarb)[ RSS](/packages/dave-liddament-sarb/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (10)Dependencies (18)Versions (32)Used By (0)

Static Analysis Results Baseliner (SARB)
========================================

[](#static-analysis-results-baseliner-sarb)

[![PHP versions: 8.0|8.1|8.2|8.3|8.4](https://camo.githubusercontent.com/f9ddbc3b8b11c2029b545a48250dd5c387bdd066a04fc8ea53a3c8ec474ce440/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7068702d382e30253743382e31253743382e32253743382e33253743382e342d626c75652e737667)](https://packagist.org/packages/dave-liddament/sarb)[![Latest Stable Version](https://camo.githubusercontent.com/36fe34b31d4898e936a52f8d311360ac52ededbb5a7412224f61c805ee36b370/68747470733a2f2f706f7365722e707567782e6f72672f646176652d6c696464616d656e742f736172622f762f737461626c65)](https://packagist.org/packages/dave-liddament/sarb)[![License](https://camo.githubusercontent.com/87ebe508ba99a5db83fed1348066069864cb31db7fdfa03113e3a7ecdbc4c5bc/68747470733a2f2f706f7365722e707567782e6f72672f646176652d6c696464616d656e742f736172622f6c6963656e7365)](https://github.com/DaveLiddament/sarb/blob/master/LICENSE.md)[![Total Downloads](https://camo.githubusercontent.com/3499e9786b01ee61a04fed466eaa741e3f967b21a927d8c038546a748d82c2bf/68747470733a2f2f706f7365722e707567782e6f72672f646176652d6c696464616d656e742f736172622f646f776e6c6f616473)](https://packagist.org/packages/dave-liddament/sarb/stats)

[![Continuous Integration](https://github.com/DaveLiddament/sarb/workflows/Full%20checks/badge.svg)](https://github.com/DaveLiddament/sarb/actions)[![Scrutinizer Code Quality](https://camo.githubusercontent.com/4b2b27cdd58e61b09bbd1a16612fcac22fa1cbec52c8d4c534c8474c7ab1041e/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f446176654c696464616d656e742f736172622f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/DaveLiddament/sarb/?branch=master)[![PHPStan level 8](https://camo.githubusercontent.com/ecb39a33957e802f1f085f1debada1e99904e72b8d807e98991fb7f9660cb6d3/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048505374616e2d6d61782532306c6576656c2d627269676874677265656e2e737667)](https://github.com/DaveLiddament/sarb/blob/master/phpstan.neon)[![Code Coverage](https://camo.githubusercontent.com/832ece90115c97cd0126e95386c1991aa290c15b747da79a245a5f1bcc021c5b/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f436f6465253230636f7665726167652d3130302532352d627269676874677265656e2e737667)](https://github.com/DaveLiddament/sarb/blob/f2db1404c8f2acb0f813c7fb49624fe21e42a302/composer.json#L109)

- [Why SARB](#why-sarb)
- [Requirements](#requirements)
- [Installing](#installing)
- [Using SARB](#using-sarb)
- [Further reading](#further-reading)

Why SARB?
---------

[](#why-sarb)

If you've tried to introduce advanced static analysis tools (e.g. [Psalm](https://getpsalm.org), [PHPStan](https://github.com/phpstan/phpstan)) to legacy projects the tools have probably reported thousands of problems. It's unrealistic to fix all but the most critical ones before continuing development.

SARB is used to create a baseline of these results. As work on the project progresses SARB takes the latest static analysis results, removes those issues in the baseline and report the issues raised since the baseline. SARB does this, in conjunction with git, by tracking lines of code between commits. Currently, SARB only supports git, but it is possible to [add support for other SCMs](docs/NewHistoryAnalyser.md).

SARB is written in PHP, however it can be used to baseline results for any language and [any static analysis tool](docs/CustomInputFormats.md).

#### Why not SARB?

[](#why-not-sarb)

SARB should not be used on greenfield projects. If you're lucky enough to work on a greenfield project make sure you fix all problems raised by static analysis as you go along.

Requirements
------------

[](#requirements)

Currently, SARB only supports projects that use [git](https://git-scm.com/).

SARB requires PHP &gt;= 8.0 to run. The project being analysed does not need to run PHP 8.0 or even be a PHP project at all.

Installing
----------

[](#installing)

You can either add directly to the project you wish to run analysis on:

```
composer require --dev dave-liddament/sarb

```

Or you can install SARB globally (e.g. if you want to use it on a non PHP project):

```
composer global require dave-liddament/sarb

```

If you install globally make sure the composer bin directory is in your path.

Using SARB
----------

[](#using-sarb)

If you're using version 0.x see the [old documentation](docs/version0/README.md) and how to [upgrade](docs/version0/UpgradingToVersion1.md).

#### 1. Make sure the current git commit is the one to be used in the baseline

[](#1-make-sure-the-current-git-commit-is-the-one-to-be-used-in-the-baseline)

When creating the baseline, SARB needs to know the git commit SHA of the baseline. Make sure your code is in the state you want it to be in for the baseline and that the current commit represents that state.

#### 2. Create the baseline

[](#2-create-the-baseline)

Run the static analyser of choice and pipe the results into SARB:

E.g. using [Psalm's](https://psalm.dev) JSON output:

```
vendor/bin/psalm --output-format=json | vendor/bin/sarb create --input-format="psalm-json" psalm.baseline
```

This creates a baseline file called `psalm.baseline`. You'll want to check this in to your repository.

#### 3. Update code and then use SARB to remove baseline results

[](#3-update-code-and-then-use-sarb-to-remove-baseline-results)

Continue coding. Then rerun static analyser and pipe results into SARB:

```
vendor/bin/psalm --output-format=json | vendor/bin/sarb remove psalm.baseline
```

### Running SARB from a global installation

[](#running-sarb-from-a-global-installation)

If you are running SARB from a global installation you will need to specify the root of the project (where the `.git` directory lives). The above would become:

```
psalm --output-format=json | sarb create --project-root=/path/to/project/root --input-format="psalm-json" psalm.baseline
```

### Supported tools

[](#supported-tools)

To see a list of supported tools and formats use:

```
vendor/bin/sarb list-static-analysis-tools

```

How to create and remove baseline for each supported tool:

#### [PHP CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer)

[](#php-codesniffer)

```
vendor/bin/phpcs src --report=json | vendor/bin/sarb create --input-format="phpcodesniffer-json" phpcs.baseline
vendor/bin/phpcs src --report=json | vendor/bin/sarb remove phpcs.baseline
```

#### [Phan](https://github.com/phan/phan)

[](#phan)

```
vendor/bin/phan -m json | vendor/bin/sarb create --input-format="phan-json" phan.baseline
vendor/bin/phan -m json | vendor/bin/sarb remove phan.baseline
```

See notes on [relative paths](docs/ResultsWithRelativePaths.md).

### [Exakat](https://www.exakat.io/)

[](#exakat)

```
php exakat.phar report -p  -format sarb | vendor/bin/sarb create --input-format="exakat-sarb" exakat.baseline
php exakat.phar report -p  -format sarb | vendor/bin/sarb remove exakat.baseline
```

### [PHPMD](https://github.com/phpmd/phpmd)

[](#phpmd)

```
vendor/bin/phpmd src json  | vendor/bin/sarb create --input-format="phpmd-json" phpmd.baseline
vendor/bin/phpmd src json  | vendor/bin/sarb remove phpmd.baseline
```

#### [Psalm](https://psalm.dev)

[](#psalm)

```
vendor/bin/psalm --output-format=json | vendor/bin/sarb create --input-format="psalm-json" psalm.baseline
vendor/bin/psalm --output-format=json | vendor/bin/sarb remove psalm.baseline
```

NOTE: Checkout Psalm's built in [baseline feature](https://psalm.dev/docs/running_psalm/dealing_with_code_issues/#using-a-baseline-file). Learn how [it differs from SARB](docs/SarbVsOtherBaseliningTechniques.md).

#### [PHPStan](https://phpstan.org)

[](#phpstan)

```
vendor/bin/phpstan analyse --error-format=json | vendor/bin/sarb create --input-format="phpstan-json" phpstan.baseline
vendor/bin/phpstan analyse --error-format=json | vendor/bin/sarb remove phpstan.baseline
```

NOTE: Checkout PHPStan's built in [baseline feature](https://phpstan.org/user-guide/baseline). Learn how [it differs from SARB](docs/SarbVsOtherBaseliningTechniques.md).

#### [PHP Magic Number Detector](https://github.com/povils/phpmnd)

[](#php-magic-number-detector)

```
vendor/bin/phpmnd . | vendor/bin/sarb create --input-format="phpmnd" phpmnd.baseline
vendor/bin/phpmnd . | vendor/bin/sarb remove phpmnd.baseline
```

See notes on [relative paths](docs/ResultsWithRelativePaths.md).

My tool isn't supported...
--------------------------

[](#my-tool-isnt-supported)

That's no problem there are 3 methods to [integrate a static analysis tool](docs/CustomInputFormats.md) with SARB.

Output formats
--------------

[](#output-formats)

The format for showing issues after the baseline is removed can be specified using `--output-format` option. Possible values are: `table`, `text`, `json` or `github` (for GitHub actions).

Ignoring warnings
-----------------

[](#ignoring-warnings)

Some static analysis tools (e.g. PHP Code Sniffer) classify issues with a severity or either `error` or `warning`. By default, SARB will report all of these. If you wish to ignore warnings you can use the `--ignore-warnings` option.

E.g.

```
vendor/bin/phpcs src --report=json | vendor/bin/sarb remove phpcs.baseline --ignore-warnings
```

SARB with GitHub Actions
------------------------

[](#sarb-with-github-actions)

If you're using `actions/checkout@v2` to check out your code you'll need to add set `fetch-depth` to `0`. By default `checkout` only gets that latest state of the code and none of the history. SARB uses git, which needs the full git history, to track file changes since the baseline. To get the full history checked out use this:

```
- uses: actions/checkout@v2
  with:
    fetch-depth: 0

```

Also don't forget to use the SARB option `--output-format=github`. It will annotate your PR with any issues that have been added since the baseline.

Gradually improving the codebase
--------------------------------

[](#gradually-improving-the-codebase)

In an ideal world SARB should not be required. SARB prevents you from adding new issues to your codebase.

It also provides a `--clean-up` option when running `remove`. Running SARB with this option will pick out 5 random issues that are still in the baseline. Challenge your team to fix 5 issues in the baseline every day. Over a working year that'll be 1000 issues gone from the baseline! Soon you'll be able to ditch SARB for good!

Further Reading
---------------

[](#further-reading)

- [How SARB works](docs/HowSarbWorks.md)
- [Adding support for new static analysis tools / format](docs/NewResultsParser.md)
- [Adding support for SCMs other than git](docs/NewHistoryAnalyser.md)
- [How to contribute](docs/Contributing.md)
- [Code of Conduct](docs/CodeOfConduct.md)
- [Unified Diff Terminology](docs/UnifiedDiffTerminology.md)
- [SARB format](docs/SarbFormat.md)
- [SARB vs other tools with baselining functionality](docs/SarbVsOtherBaseliningTechniques.md)

Authors
-------

[](#authors)

- [Dave Liddament](https://www.daveliddament.co.uk) [@daveliddament](https://twitter.com/daveliddament)
- [Community contributors](https://github.com/daveliddament/sarb/graphs/contributors)

###  Health Score

62

—

FairBetter than 99% of packages

Maintenance62

Regular maintenance activity

Popularity57

Moderate usage in the ecosystem

Community20

Small or concentrated contributor base

Maturity89

Battle-tested with a long release history

 Bus Factor1

Top contributor holds 97.9% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~89 days

Recently: every ~191 days

Total

26

Last Release

499d ago

Major Versions

0.8.0 → 1.0.02021-03-04

PHP version history (8 changes)0.1.0PHP &gt;=7.1

0.4.0PHP &gt;=7.1 &lt;8

0.6.0PHP &gt;=7.2 &lt;8

1.0.0PHP &gt;=7.3 &lt;8.1

1.2.0PHP &gt;=7.3 &lt;8.2

1.7.0PHP &gt;=8.0 &lt;8.3

1.8.0PHP &gt;=8.0 &lt;8.4

1.10.0PHP &gt;=8.0 &lt;8.5

### Community

Maintainers

![](https://www.gravatar.com/avatar/dc81fab8d878316b9117eb3a8fe3abece1d25a37c3099d76c6f3651f82991505?d=identicon)[DaveLiddament](/maintainers/DaveLiddament)

---

Top Contributors

[![DaveLiddament](https://avatars.githubusercontent.com/u/6787687?v=4)](https://github.com/DaveLiddament "DaveLiddament (570 commits)")[![szepeviktor](https://avatars.githubusercontent.com/u/952007?v=4)](https://github.com/szepeviktor "szepeviktor (4 commits)")[![dseguy](https://avatars.githubusercontent.com/u/170418?v=4)](https://github.com/dseguy "dseguy (2 commits)")[![tborealis](https://avatars.githubusercontent.com/u/1591228?v=4)](https://github.com/tborealis "tborealis (2 commits)")[![nigel-dunn](https://avatars.githubusercontent.com/u/5080938?v=4)](https://github.com/nigel-dunn "nigel-dunn (1 commits)")[![sasezaki](https://avatars.githubusercontent.com/u/42755?v=4)](https://github.com/sasezaki "sasezaki (1 commits)")[![tonivdv](https://avatars.githubusercontent.com/u/1267658?v=4)](https://github.com/tonivdv "tonivdv (1 commits)")[![WillyReyno](https://avatars.githubusercontent.com/u/5576482?v=4)](https://github.com/WillyReyno "WillyReyno (1 commits)")

---

Tags

phpstatic analysisbaseline

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Code StylePHP CS Fixer

Type Coverage Yes

### Embed Badge

![Health badge](/badges/dave-liddament-sarb/health.svg)

```
[![Health](https://phpackages.com/badges/dave-liddament-sarb/health.svg)](https://phpackages.com/packages/dave-liddament-sarb)
```

###  Alternatives

[sylius/sylius

E-Commerce platform for PHP, based on Symfony framework.

8.4k5.6M651](/packages/sylius-sylius)[behat/behat

Scenario-oriented BDD framework for PHP

4.0k96.8M2.0k](/packages/behat-behat)[phan/phan

A static analyzer for PHP

5.6k11.2M1.1k](/packages/phan-phan)[sulu/sulu

Core framework that implements the functionality of the Sulu content management system

1.3k1.3M152](/packages/sulu-sulu)[shopware/platform

The Shopware e-commerce core

3.3k1.5M3](/packages/shopware-platform)[symplify/monorepo-builder

Not only Composer tools to build a Monorepo.

5205.3M82](/packages/symplify-monorepo-builder)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)