Skip to main content

Scan a PHP Project for Upgrade Drift

Scan a PHP project with Vibgrate CLI to get a DriftScore across Composer dependencies, generate a Markdown report, and add a CI gate.

Difficulty
Beginner
Duration
15 minutes
Steps
5

PHP projects manage dependencies with Composer, and those pinned versions drift behind upstream over time. Vibgrate CLI detects the PHP ecosystem from your Composer files, scans for drift, and reports a DriftScore so you can plan upgrades before they become migrations.

Prerequisites

  • A PHP project with composer.json and composer.lock
  • Vibgrate CLI installed, or use the no-install form

Steps

1. Install the CLI

npm i -g @vibgrate/cli

Or try it without installing:

npx @vibgrate/cli scan

2. Scan the project

From the project root:

vg

Vibgrate detects PHP from your Composer files and reports drift findings by severity.

3. Read the findings

The DriftScore (0-100) summarizes accumulated upgrade risk. Review the top findings to plan dependency updates.

4. Generate a Markdown report

Produce a shareable report:

vg scan --format markdown --out vibgrate.md

You can also build a report from existing scan artifacts:

vg report

5. Add a CI gate

Fail the run when error-level drift appears:

vg scan --fail-on error

Verification

Confirm the scan printed a DriftScore and that vibgrate.md renders cleanly. With --fail-on error, check the exit code to confirm the gate stops CI on high-severity drift.

Next Steps

Create a baseline with vg baseline to track drift over releases, and explore the Dependency Risk scanner for deprecated packages.

Prerequisites

  • A PHP project with composer.json and composer.lock
  • Vibgrate CLI installed

Steps

  • 1
    Install the CLI
  • 2
    Scan the project
  • 3
    Read the findings
  • 4
    Generate a Markdown report
  • 5
    Add a CI gate

Category

Vibgrate