Find and fix security flaws in your code.
By profiling applications, Blackfire collects a wide variety of metrics on deployed code, as well as configuration settings. It is a great complement to static code analyzers. Blackfire's testing features enable you to write assertions on the collected metrics. Such assertions are context-aware and are run depending on the profiled framework, as well as the environment where the code is deployed (production vs development).
Thanks to our expertise and our network of experts, we crafted over 30 default tests that check for code security: the Security Recommendations.
Any time you profile your code with Blackfire, make sure it complies with our best practices; Blackfire will automatically detect any flaw and warn you.
Each Security Recommendation is fully documented so that you can understand where the best practice comes from, and how to fix the issue.
Blackfire is a code profiling utility. At run-time, it collects metrics on function/method calls for a given HTTP request, as well as configuration data.
It can be used on a development machine, as well as in any testing pipeline and in production to visualize, understand and improve code behavior.