How to configure GitLab's phpcs-security-audit analyzer?

1.1k Views Asked by August Janse At 08 November 2025 at 18:34

I am trying to use phpcs-security-audit by including GitLab's SAST template. It generates a report as expected, but the report is filled with warnings from libraries and specific warnings that I would like to ignore for the report to be useful.

If I ran phpcs and phpcs-security-audit myself, I could store settings in a config file. Storing settings in .phpcs.xml works locally, but has no effect on GitLab's phpcs-security-audit analyzer. I can't find any documentation for it. Is it possible to configure the analyzer, and if so how?

Original Q&A

There are 1 best solutions below

Leon On 12 November 2021 at 04:24 BEST ANSWER

Yes you can. It's simple, create directory .gitlab, inside that create file called sast-ruleset.toml. In the sast-ruleset.toml, add this following code:

[phpcs-security-audit]
  [[phpcs-security-audit.ruleset]]
    disable = true

    [phpcs-security-audit.ruleset.identifier]
    type = "phpcs_security_audit_source"
    value = "PHPCS_SecurityAudit.BadFunctions.FilesystemFunctions.WarnFilesystem"

value is warning that you want to ignore, you can get the value in the Security Tab, go to the warning and select the Identifiers.

See the Gitlab documentation for more details.

How to configure GitLab's phpcs-security-audit analyzer?

There are 1 best solutions below

Related Questions in PHP

Related Questions in GITLAB

Related Questions in GITLAB-CI

Related Questions in PHPCS

Related Questions in SAST

Trending Questions

Popular # Hahtags

Popular Questions