Psalm Security Rules - 1.1

Extension ID

What’s new?

See Psalm Security Rules - 1.1 - Release Notes .


This extension provides a dedicated set of quality rules that have been designed to check your PHP source code for user input security defects or violations. These quality rules are based on the user input security checks provided by the open source static analysis tool called Psalm (see and are in addition to the PHP quality rules provided by com.castsoftware.php (this is a dependent extension and the Psalm Security Rules extension will run its quality rules against the results of the PHP Analyzer analysis).

The following Psalm user input security checks are supported by this extension:

A detailed explanation of the security checks provided by Psalm can be seen in with a dedicated section about avoiding false-positives

Function Point, Quality and Sizing support

This extension provides the following support:

  • Function Points (transactions): a green tick indicates that OMG Function Point counting and Transaction Risk Index are supported
  • Quality and Sizing: a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points
Quality and Sizing (tick)


CAST Imaging Core release Supported
8.3.x (tick)

Dependencies with other extensions

Some CAST extensions require the presence of other CAST extensions in order to function correctly. The Psalm Security Rules extension requires that the following other CAST extensions are also installed:

Note that when using CAST Console to download and install the extension, any dependent extensions are automatically downloaded and installed.

Download and installation instructions

The extension will not be automatically downloaded and installed in CAST Console. If you need to use it, you should manually install the extension using the Application - Extensions interface.

What analysis results can you expect?

Structural rules

Release Link