Integrate Psalm with Vulnetix. Analyze PHP code for type errors and security issues like tainted data with SARIF output.
PHPCLI toolSARIF
Install & scan
$ composer require --dev vimeo/psalm $ ./vendor/bin/psalm --output-format=sarif > psalm.sarif
Run Psalm in CI
Scan on every push and upload the results to Vulnetix:
- name: Install Psalm run: composer require --dev vimeo/psalm - name: Run Psalm run: ./vendor/bin/psalm --output-format=sarif > psalm.sarif - name: Upload to Vulnetix run: vulnetix upload --file psalm.sarif
Centralise Psalm results in Vulnetix
Upload Psalm SARIF output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.