
Fabien Potencier:
The Symfony Trademark
Mar 15, 2017 @ 09:49:58

In a post to his own site Fabien Potencier attempts to clear up any confusion around the use of the Symfony trademark and how SensioLabs manages that trademark.

This blog post has been written after some concerns expressed on Twitter and Reddit about how SensioLabs manages the Symfony trademark. If you want to read the details about the Grafikart issue, scroll to the end [of the post]; reading the whole post is recommended though if you want to understand the whole story.

Fabien starts at the very beginning, talking about how he selected the name for the framework and how it evolved over the years. A few years in, he decided to register the trademark officially, and he covers the legal battle that came with it. He also talks about the trademark policies they worked up and other projects that have a similar setup. He then gets into some more specific examples where there could be conflicts with these rules.

Enforcing the trademark is a painful process and it costs a lot of money. But I'm convinced that doing so is my responsibility. Would it be fair to say no to people who follow the rules by asking for permission and let other companies do whatever they want? Not in my book.

The rest of the post is dedicated to one particular issue (involving Grafikart) and the issues that came up because of mishandling on the legal side and the changes being made to prevent the confusion in the future.

tagged: symfony trademark sensiolabs framework grafikart

Link: http://fabien.potencier.org/the-symfony-trademark.html

Voices of the ElePHPant:
Interview with Beau Simensen (#2)
Dec 27, 2016 @ 09:36:09

The Voices of the ElePHPant podcast has posted their latest episode, another in their series of interviews with members of the PHP community. In this latest show host Cal Evans talks with Beau Simensen of SensioLabs.

Cal and Beau talk about Beau's work at SensioLabs and some of his recent interactions with the community. They also talk about the difference between PHP conferences and Symfony conferences and why they vary so widely in audience size. They also talk about Symfony Flex (introduced in a recent keynote) and what it provides to make it simpler to bootstrap a new application. They also talk about SensioCloud, a new hosting platform geared for developers with a mostly command-line interface.

You can catch this latest episode either using the in-page audio or video player or you can download the mp3 of the show directly. If you enjoy the show, be sure to subscribe to their feed and follow them on Twitter for updates as new episodes are released.

tagged: voicesoftheelephpant podcast interview beausimensen sensiolabs

Link: https://voicesoftheelephpant.com/2016/12/27/interview-beau-simensen/

BitExpert Blog:
Enforce software layer dependencies with deptrac
Aug 19, 2016 @ 10:54:24

On the BitExpert.de blog there's a new post from Stephan Hochdörfer covering the enforcement of software layer dependencies with the help of the deptrac tool from SensioLabs.

Deptrac is a tool recently announced by SensioLabs. It helps you keep dependencies between the different layers in your architecture under better control by providing insight into the current state of the dependencies and warns you when unwanted dependencies get introduced.

He gives the commands to install the tool and shows how to initialize the repository with a default configuration file. He then provides an example using the Adrenaline framework and how the request/response relate to the HTTP handling. He includes the configuration changes to make for these relationships and, finally, how to run the analysis on your code to ensure the dependencies are correct.

tagged: software layer dependencies deptrac sensiolabs

Link: https://blog.bitexpert.de/blog/enforce-software-layer-dependencies-with-deptrac/

SitePoint PHP Blog:
Crash Course into Continuous Testing with Sismo
Mar 29, 2016 @ 12:03:54

On the SitePoint PHP blog there's a tutorial posted helping you get started with Sismo, a simple component that can help you with the continuous testing of your PHP applications. Sismo is a project from SensioLabs, the same group behind Symfony and Twig (and several other popular tools).

The PHP community started to adopt the testing culture relatively recently. Despite there being some debates on how to achieve this, nobody can argue the importance of having your code fully covered by tests. In this article, we’re going to explore a tool that will help you in a major part of the testing culture called continuous testing.

Sismo is a small component which you can easily integrate with your projects to make the process of continuous testing easier. Sismo's main focus is to run your tests and send you status notifications.

They help you get the tool installed (either from GitHub or directly) and configure your project with a simple PHP file. They also include instructions on how to execute the tests for the project and an example of the resulting output. The tutorial then shows how to set up a project using the remote repository handling, setting up notifiers for failures, storing the build information and using it in a git hook.

tagged: continuous testing sismo sensiolabs tutorial setup configuration phpunit test

Link: http://www.sitepoint.com/continuous-testing-with-sismo/

SitePoint PHP Blog:
Check Your Code’s Quality with SensioLabs Insight
Aug 07, 2014 @ 12:25:20

On the SitePoint PHP blog today there's a new post by Peter Nijssen introducing you to the SensioLabs Insight service and how it can improve your code quality (including locating security concerns).

The quality of your code is as important as testing your application. Recently, we have seen multiple articles which hopefully helped you on your way to providing a more stable application. Today, we are going to have a closer look at SensioLabs Insight. If you used Symfony or Silex in the past, you are probably familiar with SensioLabs, since they are the main sponsor of the Symfony framework.

He quickly introduces the service, mentioning what it has to offer and how to get your account all set up (free for open source libraries but it requires the results to be public). He includes some screenshots showing what the setup and scan results of your project might look like. He shows how to get more detail on the findings and how they can easily be exported to your bug tracker for fixing. He also covers some of the configuration you can do (through a YAML file) to tell Insight things like: php.ini settings, directories to exclude and specific rules to run during the scans.

tagged: sensiolabs insight introduction service scan code quality

Link: http://www.sitepoint.com/check-codes-quality-sensiolabs-insight/

SensioLabs Insight Blog:
Jenkins integration
Mar 13, 2014 @ 09:06:25

The latest post to the SensioLabs Insight blog today shows you how you can integrate the service with Jenkins as a part of your pre-existing continuous integration workflow.

One of the main features of SensioLabsInsight service is that it integrates smoothly into your existing workflow and technical infrastructure. We know that most companies use Jenkins as their continuous integration server and for that reason, SensioLabsInsight provides out-of-the-box Jenkins integration.

The integration uses the Insight API to perform the checks and return a report of the results. They step you through the process to get the connection set up (using the API client) and send the request for processing. The result is returned in PMD format, something Jenkins can easily parse and integrate into the pass/fail of the job. You can also get the details of the issues including error message, file location and the priority of the issue.

tagged: jenkins continuous integration sensiolabs insight

Link: http://blog.insight.sensiolabs.com/2014/02/12/jenkins-integration.html

Fabien Potencier:
SensioLabs raises 5 million euros to boost the Symfony ecosystem
Dec 16, 2013 @ 09:39:43

On his site today Fabien Potencier shares some wonderful news for the Symfony community - Sensio has raised 5 million Euros to help boost the Symfony project and its ecosystem.

Fund raising in the PHP world does not happen that often, and that makes me sad. Of course, PHP has big players like Automattic, Acquia, or Zend, but the PHP world has so many great solutions, great products, and a large community of very talented developers. They deserve more exposure and I hope that our fund raising is one small step into that direction.

As for their plans for the funds, they're talking about a few options: improvement of the whole ecosystem around the framework, hiring developers dedicated to the work SensioLabs does for the framework, and things like SensioLabs Insight.

tagged: sensiolabs fund symfony framework ecosystem community

Link: http://fabien.potencier.org/article/71/sensiolabs-raises-5-million-euros-to-boost-the-symfony-ecosystem

Pádraic Brady:
Publishing Security Disclosures In Consumable Formats
May 16, 2013 @ 09:03:59

Pádraic Brady has a new post today proposing that what the PHP ecosystem needs is a way to better publish security disclosures in a format that's easy to parse and deal with.

This is a branch off from a separate discussion on the PHP-FIG mailing list about other ways the Framework Interoperability Group can encourage and foster wider interoperability among its member projects (and by extension, the whole PHP community). I’ll start by noting two interesting developments in recent months and one long standing best practice.

The two "interesting developments" he mentions are the relatively recently released SensioLabs Security Checker, which uses your Composer file to find security issues, and the new entry in the latest version of the OWASP Top 10 list for "Using Components with Known Vulnerabilities". The best practice he talks about concerns the timely/responsible disclosure of vulnerabilities and how some kind of decentralized tracking of these issues could put the responsibility back on the developers of the tool and not on one tracking resource.

tagged: security disclosure feed proposal sensiolabs checker owasp

Link: http://blog.astrumfutura.com/2013/05/publishing-security-disclosures-in-consumable-formats-for-simpler-aggregation-and-security-checking

Fabien Potencier:
Don't use PHP libraries with known security issues
Feb 20, 2013 @ 10:54:20

In his latest post Fabien Potencier introduces a new effort to help PHP developers using Composer for their dependencies find potential security issues automatically - the security.sensiolabs.com site.

I want to provide a simple and efficient way to check for vulnerabilities in a project and I want to serve more than just the Symfony community. That's why I'm really proud to announce a new SensioLabs initiative: a simple way to check if your project depends on third-party libraries with known security issues. The website explains how it works in detail (https://security.sensiolabs.org/), but basically, this initiative gives you several ways to check for security issues in your project dependencies based on the information contained in your composer.lock file (you are using Composer to manage your dependencies, right?)

Composer users can upload their "composer.lock" file and the system will evaluate it against the vulnerabilities it knows about and return any issues it might find. The current database is hosted on GitHub and can be added to by anyone using a pull request. Additionally, you can install the command-line version if you want to do checks locally.

tagged: library security issue sensiolabs database checker

Link: