
VIP Code Analysis Bot

The VIP Code Analysis Bot (“the Bot”) automatically analyzes code in pull requests that are made to any branch of a WordPress application’s wpcomvip GitHub repository. The Bot helps to maintain the quality of code that is submitted to the repository and increases the security and stability of WordPress sites that are hosted on the VIP Platform. 

The Bot is triggered and managed by internal Continuous Integration (CI) software and is set up to run specific scanners: Vulnerability and Update Scan, PHPCS analysis, PHP linting, and SVG analysis. The Bot also queries internal APIs for data and performs some checks on its own. Results are reported in easily readable GitHub feedback and comments. Some pull requests can be automatically approved by the Bot.

The Bot is a software bundle under active development, maintained by VIP. Suggestions for improvements can be submitted through VIP’s Feedback Portal.

  • Bot feedback and messages

    Feedback from the VIP Code Analysis Bot is based on the results of the automated scans including Vulnerability and Update Scan, PHPCS analysis, PHP linting, and SVG analysis.

  • PHPCS analysis

    The Bot analyzes all PHP and JavaScript files altered or created in submitted pull requests using PHP_CodeSniffer (PHPCS).

  • Auto approvals

    Several determinants are used by the VIP Code Analysis Bot to calculate whether a pull request can be automatically approved.

  • GitHub build status

    The GitHub interface will display a “Pending — In progress” build status while the VIP Code Analysis Bot is analyzing a pull request.

  • SVG analysis

    All SVG files introduced or altered in pull requests are scanned by an SVG scanner. The scanner will flag any non-whitelisted attributes or tags and report them in the automated code review by the Bot. 

  • PHP linting

    The VIP Code Analysis Bot runs the PHP linter that is bundled with PHP to highlight code syntax and compilation errors.

  • Default behavior of the Bot

    The VIP Code Analysis Bot analyzes and reviews pull requests that are created in WordPress application repositories that exist within the WordPress VIP GitHub organization.

  • Customize the VIP Code Analysis Bot

    The VIP Code Analysis Bot can be customized by adding configuration options to a JSON file that is located within the root of an application’s wpcomvip GitHub repository.

  • Customize PHPCS scanning

    PHPCS analysis is run against code in all relevant files of a pull request by default. Methods are available to modify some aspects of the PHPCS analysis.

Last updated: December 31, 2025

Relevant to

  • WordPress