
GitHub Action

Psalm – Security Scanner for PHP

1.4.0 Latest version


Find security vulnerabilities in your PHP codebase with Psalm, a free and open-source tool created by Vimeo

Installation

Copy and paste the following snippet into your .yml file.

              

- name: Psalm – Security Scanner for PHP
  uses: psalm/psalm-github-security-scan@1.4.0

Learn more about this action in psalm/psalm-github-security-scan


Psalm Github Security Scan

Run Psalm’s Security Analysis as a GitHub Action (a more general version can be found here).

name: Psalm Security Scan

on: [push, pull_request]

jobs:
  psalm-security-scan:
    name: Psalm
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Psalm Security Scan
        uses: docker://ghcr.io/psalm/psalm-security-scan
        
      - name: Import Security Analysis results into GitHub Security Code Scanning
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
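
The same workflow with the job token restricted to what its steps need, as an added example rather than the project's own configuration. The `permissions` blocks and the `persist-credentials` setting are additions; the three steps are unchanged from the workflow above.

```yaml
name: Psalm Security Scan

on: [push, pull_request]

# Default the token to read-only for every job in this workflow.
permissions:
  contents: read

jobs:
  psalm-security-scan:
    name: Psalm
    runs-on: ubuntu-latest
    # Job-level grant: only what checkout and the SARIF upload require.
    permissions:
      contents: read          # actions/checkout reads the repository
      security-events: write  # upload-sarif creates code scanning alerts
      # actions: read         # additionally required in private repositories
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          # The scan never pushes, so do not leave the token in .git/config
          # where the container step could read it from the workspace.
          persist-credentials: false

      - name: Psalm Security Scan
        uses: docker://ghcr.io/psalm/psalm-security-scan

      - name: Import Security Analysis results into GitHub Security Code Scanning
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
```

On `pull_request` runs triggered from a fork the token is read-only regardless of this block, so the upload step cannot write alerts for those runs.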

Specify Psalm version

You can also specify a version.

-        uses: docker://ghcr.io/psalm/psalm-security-scan
+        uses: docker://ghcr.io/psalm/psalm-security-scan:5.7.7
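
Review bot: the `+` line pins the image by tag (`:5.7.7`), and a registry tag can later be pointed at a different image, so this alone does not make the scan reproducible. If a fixed scanner build is the goal, reference the image by digest (`ghcr.io/psalm/psalm-security-scan@sha256:<digest>`), and say in the text which of the two the reader should prefer.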