EasyAudit

Static analysis tool for Magento 2 codebases. Detects anti-patterns, security risks, and architectural issues.

Features

19 processors for DI, code quality, templates, performance, and architecture
Zero dependencies - standalone PHAR (~455KB)
CI/CD ready - SARIF output for GitHub Code Scanning
Docker image available
Auto-fix - Automatic patch generation via API

Quick Start

Using PHAR

# Download latest PHAR
curl -LO https://github.com/crealoz/easyaudit-cli/releases/latest/download/easyaudit.phar
chmod +x easyaudit.phar

# Run
php easyaudit.phar scan /path/to/magento --format=sarif

Using Docker

docker run --rm -v $PWD:/workspace ghcr.io/crealoz/easyaudit:latest \
  scan /workspace --format=sarif --output=/workspace/report/easyaudit.sarif

From Source

git clone git@github.com:crealoz/easyaudit-cli.git
php bin/easyaudit scan /path/to/magento

Output Formats

Format	Use Case
`json`	Tooling and scripting (default)
`sarif`	GitHub Code Scanning
`html`	Visual report, shareable via browser or PDF

Console output is always displayed during scan.

GitHub Actions

Scan & upload to Code Scanning

name: EasyAudit Scan

on: [push, pull_request]

permissions:
  contents: read
  security-events: write

jobs:
  scan:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/crealoz/easyaudit:latest
    steps:
      - uses: actions/checkout@v6
      - run: |
          mkdir -p report
          easyaudit scan --format=sarif --output=report/easyaudit.sarif \
            --exclude="vendor,generated,var,pub/static,pub/media" "$GITHUB_WORKSPACE"
      - uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: report/easyaudit.sarif

Private repos: SARIF upload requires GitHub Advanced Security, which is a paid feature for private repositories. Use --format=json or --format=html with upload-artifact instead. See GitHub Actions docs for alternative workflows.

Scan, fix & create PR (paid)

One-click workflow: scan, call the paid API for fixes, and open a PR with the patches. Requires EASYAUDIT_AUTH secret.

See Automated PR docs for the full workflow file and setup instructions.

Documentation

CLI Usage - Commands, options, examples
Available Processors - All 19 analysis rules
CI/CD Integration - GitHub, GitLab, Bitbucket, Azure, CircleCI, Jenkins, Travis
Automated PR (paid) - Auto-fix via API
Developer Guide: Writing Processors | Utilities Reference

Requirements

PHP 8.1+
Docker (optional)

License

MIT

Name		Name	Last commit message	Last commit date
Latest commit History 59 Commits
.github		.github
_layouts		_layouts
assets		assets
bin		bin
docs		docs
images		images
src		src
tests		tests
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
Dockerfile		Dockerfile
LICENSE		LICENSE
README.md		README.md
_config.yml		_config.yml
box.json		box.json
composer.json		composer.json
coverage.xml		coverage.xml
phpcs.xml		phpcs.xml
phpunit.xml		phpunit.xml
psalm.xml		psalm.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

EasyAudit

Features

Quick Start

Using PHAR

Using Docker

From Source

Output Formats

GitHub Actions

Scan & upload to Code Scanning

Scan, fix & create PR (paid)

Documentation

Requirements

License

About

Uh oh!

Releases 13

Packages

Uh oh!

Contributors 3

Uh oh!

Languages

License

crealoz/easyaudit-cli

Folders and files

Latest commit

History

Repository files navigation

EasyAudit

Features

Quick Start

Using PHAR

Using Docker

From Source

Output Formats

GitHub Actions

Scan & upload to Code Scanning

Scan, fix & create PR (paid)

Documentation

Requirements

License

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 13

Packages 0

Uh oh!

Contributors 3

Uh oh!

Languages

Packages