Static analysis tool for Magento 2 codebases. Detects anti-patterns, security risks, and architectural issues.
- 16 processors for DI, code quality, templates, and architecture
- Zero dependencies - standalone PHAR (~165KB)
- CI/CD ready - SARIF output for GitHub Code Scanning
- Docker image available
# Download from releases
php easyaudit.phar scan /path/to/magento --format=sarifdocker run --rm -v $PWD:/workspace ghcr.io/crealoz/easyaudit:latest \
scan /workspace --format=sarif --output=/workspace/report/easyaudit.sarifgit clone git@github.com:crealoz/easyaudit-cli.git
php bin/easyaudit scan /path/to/magento| Format | Use Case |
|---|---|
text |
Console output (default) |
json |
Tooling and scripting |
sarif |
GitHub Code Scanning |
name: EasyAudit Scan
on: [push, pull_request]
permissions:
contents: read
security-events: write
jobs:
scan:
runs-on: ubuntu-latest
container:
image: ghcr.io/crealoz/easyaudit:latest
steps:
- uses: actions/checkout@v4
- run: |
mkdir -p report
easyaudit scan --format=sarif --output=report/easyaudit.sarif \
--exclude="vendor,generated,var,pub/static,pub/media" "$GITHUB_WORKSPACE"
- uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: report/easyaudit.sarif
- CLI Usage - Commands, options, examples
- Available Processors - All 16 analysis rules
- CI/CD Integration - GitHub, GitLab, Bitbucket, Azure, CircleCI, Jenkins, Travis
- Automated PR (paid) - Auto-fix via API
- PHP 8.1+
- Docker (optional)
MIT