Scan a PHP Project for Upgrade Drift
Scan a PHP project with Vibgrate CLI to get a DriftScore across Composer dependencies, generate a Markdown report, and add a CI gate.
PHP projects manage dependencies with Composer, and those pinned versions drift behind upstream over time. Vibgrate CLI detects the PHP ecosystem from your Composer files, scans for drift, and reports a DriftScore so you can plan upgrades before they become migrations.
Prerequisites
- A PHP project with
composer.jsonandcomposer.lock - Vibgrate CLI installed, or use the no-install form
Steps
1. Install the CLI
npm i -g @vibgrate/cli
Or try it without installing:
npx @vibgrate/cli scan
2. Scan the project
From the project root:
vg
Vibgrate detects PHP from your Composer files and reports drift findings by severity.
3. Read the findings
The DriftScore (0-100) summarizes accumulated upgrade risk. Review the top findings to plan dependency updates.
4. Generate a Markdown report
Produce a shareable report:
vg scan --format markdown --out vibgrate.md
You can also build a report from existing scan artifacts:
vg report
5. Add a CI gate
Fail the run when error-level drift appears:
vg scan --fail-on error
Verification
Confirm the scan printed a DriftScore and that vibgrate.md renders cleanly. With --fail-on error, check the exit code to confirm the gate stops CI on high-severity drift.
Next Steps
Create a baseline with vg baseline to track drift over releases, and explore the Dependency Risk scanner for deprecated packages.