


designsecurity/progpilot
========================

A Static Analyser for security

v1.3.0 (9mo ago) · [4 issues](https://github.com/designsecurity/progpilot/issues) · MIT · PHP >=8.3 · CI passing


[Source](https://github.com/designsecurity/progpilot) · [Packagist](https://packagist.org/packages/designsecurity/progpilot)


progpilot
=========


> A static application security testing (SAST) tool for PHP


Installation
------------


There are many installation options available; select the one that best suits your use case.

### Use PHAR releases


- Download the latest PHAR archive from the [releases](https://github.com/designsecurity/progpilot/releases) page.
- Place the file in a directory on your `PATH` and make it executable:

```
chmod +x progpilot_vX.Y.Z.phar
sudo mv progpilot_vX.Y.Z.phar /usr/local/bin/progpilot
```

### Use Docker


- Build the Docker image ([detailed documentation on this page](./DOCKER.md)) and run the container:

```
docker build -t progpilot .
docker run -v "$(pwd)":/workspace progpilot /workspace/path/to/your/file.php
```

### Build PHAR archive from source code


[phar-composer.phar](https://github.com/clue/phar-composer/releases) should be located in a directory listed in the `$PATH` environment variable:

```
git clone https://github.com/designsecurity/progpilot
cd progpilot
./build.sh
```

The resulting PHAR archive will be located in the `builds` folder at the root of this project.

### Use composer


Install the package with [composer](https://getcomposer.org/), typically when using progpilot as a library in your PHP project:

```
composer require --dev designsecurity/progpilot
```

Configuration
-------------


Use a YAML configuration file (see [this example](./projects/example_config/configuration.yml)) to configure and customize the progpilot analysis. Otherwise the default configuration is used, including in particular the standard [taint configuration data](./package/src/uptodate_data).

Usage
-----


### CLI example


The `progpilot` command takes as arguments the paths to the files and folders to be analyzed and, optionally, a configuration file:

```
# without config file
progpilot example1.php example2.php folder1/ folder2/
# with a config file
progpilot --configuration configuration.yml example1.php example2.php folder1/ folder2/
```

If you installed it with `composer`, the program will be located at `vendor/bin/progpilot`.

### Library example


It is also possible to use progpilot inside PHP code. For more information, see the [API documentation](./docs/API.md).

Use this code to analyze *source\_code1.php*:

```
