Skip to content
check

GitHub Action

Psalm – Security Scanner for PHP

1.2.1 Latest version
Use latest version
check

Psalm – Security Scanner for PHP

Find security vulnerabilities in your PHP codebase with Psalm, a free and open-source tool created by Vimeo

Installation

Copy and paste the following snippet into your .yml file.

- name: Psalm – Security Scanner for PHP
  uses: psalm/psalm-github-security-scan@1.2.1
Learn more about this action in psalm/psalm-github-security-scan
Choose a version

Psalm Github Security Scan

Run Psalm’s Security Analysis as a Github action (a more general version can be found here).

name: Psalm Security Scan

on: [push, pull_request]

jobs:
  psalm:
    name: Psalm
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Psalm Security Scan
        uses: docker://ghcr.io/psalm/psalm-security-scan
        
      - name: Upload Security Analysis results to GitHub
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: results.sarif

Specify Psalm version

You can also specify a version.

-        uses: docker://ghcr.io/psalm/psalm-security-scan
+        uses: docker://ghcr.io/psalm/psalm-security-scan:4.2.1