Share read-only access
Add us as a read-only collaborator on GitHub or GitLab, or send a zip archive. A short intake form captures your PHP version, Symfony version, and anything you already know is broken or untouchable.
A complete risk assessment and costed upgrade roadmap — Rector analysis, PHPStan, CVE audit, Deptrac. In writing. No rewrite evangelism.
“Every legacy codebase I’ve audited is running on a PHP version that stopped getting security patches years ago. The team knows. Nobody wants to say the number it’ll cost to fix. We will — in writing.”
— Ruben Elizondo · 15+ years on Symfony · Senior PHP Developer
Dependency & CVE Report
Every Composer package, its exact EOL date, known CVEs, and a risk-rated list of unmaintained libraries. You see exactly what stops receiving security patches and when.
Static Analysis Report
PHPStan findings at level 5, a Rector dry-run showing deprecated API usage and estimated change volume, and Deptrac output flagging architectural boundary violations.
Phased Upgrade Roadmap
A costed, step-by-step plan ordered by risk. What to do first, what to defer safely, and honest time estimates for each phase. Your team can execute it — or we can.
You invest 15 minutes of your time. We do the rest — and deliver everything in writing.
Add us as a read-only collaborator on GitHub or GitLab, or send a zip archive. A short intake form captures your PHP version, Symfony version, and anything you already know is broken or untouchable.
Rector dry-run, PHPStan, composer audit, Deptrac, and
manual review of your architecture and dependency chain.
Every finding is sourced from tool output you can verify yourself.
A structured PDF: risk ratings, costed upgrade phases, tool output appendix. We walk you through it on a recorded call. Your team keeps the report and the recording forever.
We don’t guess. Every finding comes from tool output you can reproduce and verify independently.
Single-application audit covers up to ~100K LOC. Extended pricing available for larger or multi-app codebases.
Small by design. You work with the people who did the analysis, not an account manager.
Lead Auditor · Senior Symfony Consultant
25 years building PHP applications in production. 15 years on Symfony specifically — from Symfony 1.x through 7.x. Leads all audits: analysis, upgrade roadmap, and every technical conversation.
Client Operations
Owns project coordination, scheduling, and client communications in English and Spanish. If you send a question, she routes it. If the timeline changes, she tells you before you have to ask.
A 15-minute call, or — if you prefer async like most engineers I work with — send six short questions by email and I’ll come back with a fixed quote in writing. No call required.