Troubleshooting
This guide covers common issues you might encounter when using ShieldCI and how to resolve them.
Memory Issues
PHP Memory Limit Exhausted
Error:
Fatal error: Allowed memory size of 134217728 bytes exhaustedSolutions:
- Increase memory limit in configuration:
php
// config/shieldci.php
'memory_limit' => '1G', // Increase from default 512M- Via environment variable:
bash
SHIELDCI_MEMORY_LIMIT=1G php artisan shield:analyze- Via PHP CLI:
bash
php -d memory_limit=1G artisan shield:analyze- Reduce analysis scope:
bash
# Analyze specific category
php artisan shield:analyze --category=security
# Analyze specific paths only
# Update config/shieldci.php paths.analyze arrayLarge Codebases
For very large codebases (500k+ lines of code):
- Run categories separately:
bash
php artisan shield:analyze --category=security
php artisan shield:analyze --category=performance
php artisan shield:analyze --category=reliability- Exclude generated/vendor code:
php
// config/shieldci.php
'excluded_paths' => [
'vendor/*',
'node_modules/*',
'storage/*',
'_ide_helper*.php', // IDE helpers
'database/factories/*', // Factory files
'resources/views/vendor/*', // Published views
],Timeout Issues
Analysis Timeout
Error:
ShieldCI analysis timed out after 300 secondsSolutions:
- Increase timeout:
php
// config/shieldci.php
'timeout' => 600, // 10 minutes- Via environment variable:
bash
SHIELDCI_TIMEOUT=600 php artisan shield:analyze- Run specific analyzers:
bash
# Run only the analyzers you need
php artisan shield:analyze --analyzer=sql-injection,xss-vulnerabilities- Exclude slow analyzers in CI:
php
// config/shieldci.php
'ci_mode_exclude_analyzers' => [
'phpstan', // PHPStan can be slow on large codebases
],False Positives
Handling False Positives
If ShieldCI reports issues that aren't actually problems:
Option 1: Ignore specific errors
php
// config/shieldci.php
'ignore_errors' => [
'sql-injection' => [
[
'path' => 'app/Legacy/OldController.php',
'message' => 'Potential SQL injection vulnerability',
],
],
],Option 2: Use path patterns
php
'ignore_errors' => [
'xss-vulnerabilities' => [
['path_pattern' => 'app/Legacy/*.php'], // All legacy files
],
],Option 3: Use baseline
bash
# Generate baseline of existing issues
php artisan shield:baseline
# Future runs only report NEW issues
php artisan shield:analyze --baselineOption 4: Disable the analyzer entirely
php
'disabled_analyzers' => [
'analyzer-id-that-doesnt-apply',
],Reviewing False Positives
Before ignoring, verify it's actually a false positive:
- Read the full error message - ShieldCI explains why it flagged the code
- Check the code context - The code snippet shows surrounding lines
- Understand the vulnerability - Link to OWASP/security resources in the analyzer docs
- Consider if it's worth fixing anyway - Sometimes "false positives" are actually code smells
Be Careful
Don't blindly ignore security warnings. Each ignore_errors entry should be reviewed and documented. Consider adding a comment in your config explaining WHY it's safe to ignore.
Environment Detection Issues
Wrong Environment Detected
Some analyzers behave differently based on environment (production vs development).
Symptoms:
- Production-only analyzers running in development
- Missing warnings that should appear in production
Solutions:
- Verify APP_ENV:
bash
php artisan env- Check environment mapping:
php
// config/shieldci.php
'environment_mapping' => [
'production-us' => 'production',
'production-eu' => 'production',
'staging-preview' => 'staging',
],- Clear config cache:
bash
php artisan config:clearAnalyzer Conflicts
Conflicting Recommendations
Sometimes two analyzers may give seemingly conflicting advice.
Example: "Use query builder for performance" vs "Use Eloquent for maintainability"
Resolution:
ShieldCI prioritizes security over performance over code quality. When recommendations conflict:
- Security always wins - Never sacrifice security for performance
- Consider context - Read both recommendations fully
- Use your judgment - You know your application best
Analyzer Errors
Error:
Analyzer 'some-analyzer' encountered an error during executionSolutions:
- Check the error details:
bash
php artisan shield:analyze --format=json | jq '.errors'Common causes:
- Missing optional dependencies (e.g., PHPStan for static analysis)
- Invalid configuration files
- Corrupted project files
Run that analyzer in isolation:
bash
php artisan shield:analyze --analyzer=some-analyzer- Disable problematic analyzer temporarily:
php
'disabled_analyzers' => [
'problematic-analyzer',
],CI/CD Issues
CI Builds Failing Unexpectedly
Symptoms: Builds pass locally but fail in CI
Common causes and solutions:
- Environment differences:
bash
# Ensure CI mode is enabled
SHIELDCI_CI_MODE=true php artisan shield:analyze- Different configurations:
bash
# Verify configuration in CI
php artisan config:show shieldci- Caching issues:
bash
# Clear all caches in CI
php artisan config:clear
php artisan cache:clear- Different PHP versions:
- Ensure CI uses the same PHP version as production
Exit Code Issues
Problem: ShieldCI returns wrong exit code
Verify exit code behavior:
bash
php artisan shield:analyze
echo "Exit code: $?"Check fail_on configuration:
php
// config/shieldci.php
'fail_on' => 'high', // Default: fails on High and CriticalEnvironment override:
bash
SHIELDCI_FAIL_ON=critical php artisan shield:analyzeBaseline Not Working
Problem: Issues are still reported despite baseline
Solutions:
- Verify baseline flag:
bash
php artisan shield:analyze --baseline- Check baseline file exists:
bash
ls -la .shieldci-baseline.json- Regenerate baseline:
bash
php artisan shield:baseline- Check for file changes:
- Baseline matches by file path and line number
- If code moved, regenerate baseline
Installation Issues
Package Not Found
Error:
Package shieldci/laravel not foundSolutions:
- Check repository configuration:
bash
composer config repositories- Clear Composer cache:
bash
composer clear-cache- Update Composer:
bash
composer self-updateService Provider Not Loaded
Error:
Class 'ShieldCI\Laravel\ShieldCIServiceProvider' not foundSolutions:
- Clear bootstrap cache:
bash
php artisan clear-compiled
composer dump-autoload- Manually register provider (if auto-discovery disabled):
php
// config/app.php
'providers' => [
ShieldCI\Laravel\ShieldCIServiceProvider::class,
],- Check composer.json autoload:
bash
composer dump-autoloadPerformance Optimization
Speed Up Analysis
- Enable OPcache:
ini
; php.ini
opcache.enable=1
opcache.enable_cli=1- Run specific categories:
bash
php artisan shield:analyze --category=security- Limit issues per analyzer:
php
'report' => [
'max_issues_per_check' => 3, // Show only first 3 issues
],- Disable code snippets:
php
'report' => [
'show_code_snippets' => false, // Faster output
],Caching Analysis Results
ShieldCI doesn't cache results between runs (each analysis is fresh). For repeated analysis:
- Save to file:
bash
php artisan shield:analyze --format=json --output=results.json- Compare results:
bash
# Compare with previous run
diff previous-results.json results.jsonGetting Help
Collect Debug Information
When reporting issues, include:
- Laravel version:
bash
php artisan --version- PHP version:
bash
php --version- ShieldCI version:
bash
composer show shieldci/laravel- Full error output:
bash
php artisan shield:analyze 2>&1 | tee shieldci-output.log- Configuration:
bash
php artisan config:show shieldciReport Issues
- GitHub Issues: github.com/shieldci/laravel/issues
- Include: Error message, steps to reproduce, environment details
Next Steps
- Configuration - Customize ShieldCI behavior
- CI/CD Integration - Pipeline setup guide
- Analyzers - Understanding each analyzer