What we cover

Uninsured

If your project is misconfigured or requires specific tools, you may need to create a SymfonyInsight configuration file to setup your context properly. If you don't, SymfonyInsight will not be able to run as many checks as usual, leading to some parts of your projects being uninsured by our service.

Alert The dependencies of your project could not be installed

Alert Your application failed to start

Warning The Twig service of your application could not be instantiated

Security

A security breach can be a serious threat to your business. It harms your credibility and can even lead to data leaks and lawsuits. SymfonyInsight helps you detect security vulnerabilities before they reach production and setup the tools to mitigate breaches if they happen.

Alert Your project must not rely on dependencies with known security issues

Alert Your project must not use the dangerous "eval" PHP function

Alert Your project must not use the default Symfony secret

Alert Your project must store your users passwords using an safe algorithm

Alert Your project must not use the native PHP database functions

Alert Your project must use a Symfony version maintained for security fixes

Alert Your project must enable the Twig auto-escaping security feature

Warning Your project files should use safer permissions

Legal

Internet regulations around the world are becoming stricter than ever. Failing to follow these laws expose you to lawsuits and legal complaints which could deeply harm your business. SymfonyInsight helps you ensure all the components of your project are safe to use both in terms of Intellectual Property and compliance with local regulations.

Alert Your project must not rely on dependencies you are not legally allowed to use

Alert Your project must store your users passwords using an safe algorithm

Alert Your project must not use features which can be used to extract data from your users

Warning Sensitive cache/log files should not be stored in your project repository

Warning Your project session configuration could expose your users data

Data

Data leaks are one of the worst possible scenario for your business. It exposes your customers sensitive information, gives your competitors a detailed understanding of how your business work and hurt your reputation. SymfonyInsight warns you about the code that may be the source of data leaks at your application level.

Alert Your project database queries must use safety features such as bindings

Alert Your project must not contain PHP debug statements

Alert Your project must hide technical errors in production

Alert Your project must not expose sensitive infrastructure configuration

Alert Your project must not use Twig debug information in production

Alert Your project must not use features which can be used to extract data from your users

Warning Your repository should not contain potentially confidential configuration values

Warning Your project should use Symfony parameters to store potentially sensitive values

Warning Your project should use Symfony display features instead of the native PHP ones

Warning Your project session configuration could expose your users data

Warning Your project should not expose unprotected PHP files publicly

Reliability

Downtimes and bugs give a feeling of instability to your customers. They will develop a fear towards your product and when this fear becomes too strong, they will use your competitor instead. Avoiding downtimes is critical for your business in the long term. SymfonyInsight finds potential sources of major bugs and downtimes and alerts you to prevent them reaching production.

Alert Your project should not use reserved keywords

Alert Your project must not contain invalid PHP files

Alert Your project must not rely on deprecated PHP POSIX features

Alert Your project must not use the discouraged PHP short tags

Alert Your project must not contain invalid YAML files

Alert Your project must not bypass the Composer autoloader

Alert Your project must not use verbose logging in production

Alert Your project must use a Symfony version maintained for bug fixes

Alert Your project must not contain invalid Twig files

Alert Your project must not contain invalid XML files

Warning Your project should contain a composer.lock file

Warning The composer.lock file of your project should be up to date

Warning Your project should not use unstable versions of dependencies

Warning Your project should use Doctrine migrations

Warning Your project should always initialize collections in Doctrine entities constructors

Warning Your project should not rely on hard-coded absolute paths

Warning Your project re-declare properties, methods or constants in the same class, interface or trait.

Warning Your project cannot use [] when reading an array or iterable

Warning Your project must not contain invalid function or method calls

Warning Your project should not rely on undefined constants

Warning Your project should not use invalid default value types

Warning Your project should only use iterable types in foreach loops

Warning Your project inheritance architecture should be valid

Warning Your project must not contain invalid instantiations

Warning Your project should not use invalid offsets

Warning Your project should use the proper amount of placeholders in printf/sprintf/sscanf/fscanf calls

Warning Your project should not use invalid return types

Warning Your project wrongly uses traits

Warning Your project should not throw objects that do not implement \Throwable

Warning Your project should not use invalid parameter and return typehints

Warning Your project should not try to unset an undefined variable

Warning Your project should use return types

Warning A symbol used by your project is not imported properly

Warning Potential errors are silenced in your project

Warning Your project wrongly uses $this in static methods

Warning Your project uses discouraged functions to kill scripts

Warning Your project uses the sleep function, which could introduce timeouts

Warning Your project uses a path constant instead of Symfony parameters

Warning Your project contains URLs without associated code to execute

Warning Your Twig configuration uses auto-reload in production

Suggestion The composer.json file of your project should be valid

Suggestion Your project uses discouraged logical operators

Suggestion Your project should not use global variables or functions

Productivity

The accumulation of technical obstacles in your project can lead to slower iterations and decrease the productivity of your team. It prevents the release of new features and can even reach levels where your project needs to be restarted entirely. SymfonyInsight helps your developers writing code that is standard and safe over time. It ensures your code does not accumulate technical debt and that it does not rely on unstable features of your dependencies.

Alert Your project must not contain automated tests that are not ran

Alert Your project must rely on Symfony interface instead of classes when possible

Alert Your project must not create a new Request process manually

Alert Your project must not use PHP super globals

Warning Your project's Doctrine schema should be valid

Warning Your project should not use too long PHP classes

Warning Your project should not change PHP configuration dynamically

Warning Your project should not use too long PHP methods

Warning Your project should not contain unused constructor parameters

Warning Your project should not use deprecated PHP features

Warning Your project has invalid PHPStan configuration.

Warning Your project should not contain the AcmeDemoBundle example bundle

Warning Your project should not use too long Symfony actions

Warning Your project should not use GET actions to modify existing resources

Warning Your project controllers should only contains actions as public methods

Warning Your project controllers should contain a small set of actions

Warning Your project templates should not use too many variables

Warning Your project Symfony DI Container should not be passed as an argument

Warning Your project Doctrine Entity Manager should not be passed as an argument

Warning Your project "request" service should never be injected

Warning The sessions of your project should be saved in a network service

Warning Your project should not use native PHP response functions

Warning Your project repository should not contain the public bundles/ folder

Warning Your project should not contain "FIXME" comments

Warning Your project should not use deprecated classes in PHP code

Warning Your project should not use deprecated classes in services definitions

Warning Your project should not use Twig strict variables in production

Warning Your project Twig templates should not contain business logic

Suggestion Your project should not use public properties as Doctrine fields

Suggestion Your project gitignore file should not contain user-specific files

Suggestion Your project should not contain commented code

Suggestion Your project should not contain duplicated code

Suggestion Your project must not contain duplicated keys in array declarations

Suggestion Your project is using a unnecessary isset call

Suggestion Your project object parameters should be type hinted

Suggestion The code of your project must follow PSR-1 basic coding standard

Suggestion Your project should use strict comparison for booleans and null

Suggestion Your project should not contain unused code

Suggestion Your project form types should be stored in Form folders

Suggestion Your project should use the latest stable Symfony version

Suggestion Your project templates should not be too long

Suggestion Your project composer.json file should not raise warnings

Suggestion Text files should end with a valid new line character.

Suggestion Your project should not contain PHP files defining multiple classes

Suggestion Interfaces names should end with "Interface"

Suggestion Your project should always define methods and properties visibility explicitly

Reputation

When technical issues happen, it is essential that you configured tools to handle them properly. Not doing so could hurt your reputation and show a lack of professionalism to your customers. SymfonyInsight helps you set up your project correctly so that even if you have technical problems in production, these are properly handled.

Alert Your project error pages must be customised

Alert Your project must not use the low-level AccessDeniedHttpException class

Alert Your project must use a custom favicon instead of the default one

Alert Your project must provide a favicon in its public directory

Alert Your project files must be encoded in UTF-8

Warning Your project Doctrine Entity Manager should not be flushed within a loop

Warning Your project folders should not contain too many files

Warning Your project should not contain unused constructor parameters

Warning Your project should redirect users after a form has been sent

Warning Your project should contain a robots.txt file

Suggestion Your project should not use HTML links containing Javascript

Suggestion Your project should not use function in loops conditions

Suggestion The boot method of your project bundles should be empty

Suggestion Your project routes should always have a valid HTTP method

Suggestion Your project should not use too many ESI inclusions

Suggestion Your project should not use an .htaccess file

Suggestion Web applications should contain a site.webmanifest file

Our automated risk analysis covers 7 categories of threats by leveraging data from 130 automated checks, all designed to make sure your application is safe, reliable and maintainable.

Uninsured

Security

Legal

Data

Reliability

Productivity

Reputation

Uninsured

Security

Legal

Data

Reliability

Productivity

Reputation