We have some pain around the PHP analyzer taking a long time to run against our code base. We’re at 700k lines of code, and the scan takes around 5 minutes to run. While this may not seem like a lot, it’s definitely slowing down our day to day workflow, and is making people try to push to switch to another solution.
If I look at the cfamily analyzer it supports several things that the PHP one does not - such as the analysis cache and parallel scanning. From what the documentation suggests, these features do not appear to exist within the PHP analyzer.
I would expect that getting the PHP analyzer up to feature parity with the C family one would solve a lot of our speed issues.
Thanks for the feedback. Speed is strategic for us and we are committed to delivering to our users the fastest analyzer possible while still keeping the depth and accuracy of the results. There is always a trade-off and we do our best to find a good balance.
We published here the execution time you should expect for a first initial analysis and the following ones according to the size of your projects. From what you are sharing 700K LOCs scanned in 5 minutes is actually pretty good according to our internal measurements.
We are not yet reaching our target execution times for PR analysis and second+ analysis of branches for PHP projects. So far, we focused on optimizing CFamily, Java, JavaScript (an announcement will be published in the coming days), and COBOL. The next language that will benefit from these performance improvements, will be PHP.