It is complementary to the profiler in core which uses Tideways. The key downside to Tideway is that it has a substantial performance hit and can’t be used in production to capture everything and only later decide what to keep or analyse.
PHP Agent for Elastic APM – This is a community PHP agent for Elastic.co’s APM solution.
Already housing logs and system metrics in Elasticsearch? Expand to application metrics with free and open Elastic APM. See exactly where your application is spending time so you can quickly fix issues and feel good about the code you push.
And PHP APM agent
SPX, which stands for Simple Profiling eXtension, is just another profiling extension for PHP.
It differentiates itself from other similar extensions as being:
- totally free and confined to your infrastructure (i.e. no data leaks to a SaaS).
- very simple to use: just set an environment variable (command line) or switch on a radio button (web page) to profile your script. Thus, you are free of:
- manually instrumenting your code (Ctrl-C a long running command line script is even supported).
- using a dedicated browser extension or command line launcher.
- multi metrics capable: 21 currently supported (various time metrics, memory, included files, objects in use, I/O…).
- able to collect data without losing context. For example Xhprof (and potentially its forks) aggregates data per caller / callee pairs, which implies the loss of the full call stack and forbids timeline or Flamegraph based analysis.
- shipped with its web UI which allows to:
- enable / configure profiling for the current browser session
- list profiled script reports
- select a report for in-depth analysis, featuring these interactive visualizations:
- timeline (scale to millions of function calls)
- flat profile
Collect Code-Level Performance Tracing
Retrace collects an amazing amount of details about what is happening at the code level within your application. It is a gold mine for developers who are trying to troubleshoot bugs and look for ways to optimize their code.
- Web request length and context details
- SQL queries
- Log statements and exceptions
- Interaction with dozens of dependencies like NoSQL, caching, etc
- External HTTP web service calls
Your mission control center for PHP application performance
Tideways saves you time by taking the guesswork out of your app’s backend performance. Gain detailed insights, spot performance bottlenecks, and get real-time error detection alerts.
APM (Alternative PHP Monitor) is a monitoring extension enabling native Application Performance Management (APM) for PHP. It doesn’t require any modification to your application’s code and let’s you collect performance metrics as well as catching issues that may arise.
“You manage your PHP project dependencies with Composer, right? But are you sure that your project is not dependent on a package with known security issues? The SensioLabs security advisories checker is a simple tool, available as a web service or as an online application, that uses the information from your
composer.lock file to check for known security vulnerabilities. This checker is a frontend for the security advisories database.” / SensioLabs.
phpcs-security-audit is a set of PHP_CodeSniffer rules that finds flaws or weaknesses related to security in PHP and its popular CMS or frameworks.
It currently has core PHP rules as well as Drupal 7 specific rules. Next planned CMS/framework is Symfony 2, which are also relevant to Moodle.
As a bonus set of rules, the tool also check for CVE issues and security advisories related to CMS/framework. You can use it in order to follow the versioning of components during static code analysis.
The main reasons of this project for being an extension of PHP_CodeSniffer is to have easy integration into continuous integration systems and to be able to find security bugs that are not detected with object oriented analysis (like in RIPS or PHPMD).
- Install: https://moodle.org/plugins/local_codechecker
- Git clone above github project (phpcs-security-audit)
- Follow project’s README install instructions, and also…
- Copy https://github.com/FloeDesignTechnologies/phpcs-security-audit/tree/master/Security/Sniffs/BadFunctions folder into your Moodle local/codechecker/moodle/Sniffs
- Copy https://github.com/FloeDesignTechnologies/phpcs-security-audit/tree/master/Security/Sniffs/CVE folder into your Moodle local/codechecker/moodle/Sniffs
Webgrind is a Xdebug profiling web frontend in PHP. It implements a subset of the features of kcachegrind and installs in seconds and works on all platforms. For quick’n’dirty optimizations it does the job. Here’s a screenshot showing the output from profiling:
- Super simple, cross platform installation – obviously 🙂
- Track time spent in functions by self cost or inclusive cost. Inclusive cost is time inside function + calls to other functions.
- See if time is spent in internal or user functions.
- See where any function was called from and which functions it calls.
- Generate a call graph using gprof2dot.py
Suggestions for improvements and new features are more than welcome – this is just a start.