The first time you run Infection for your project, it will ask you several questions to create a config file infection.json5, with the following structure:

"source": {
"directories": [
"excludes": [
"timeout": 10,
"logs": {
"text": "infection.log",
"html": "infection.html",
"summary": "summary.log",
"json": "infection-log.json",
"perMutator": "",
"github": true,
"gitlab": "gitlab-code-quality.json",
"stryker": {
"badge": "/^release-.*$/"
"summaryJson": "summary.json"
"tmpDir": "/opt/tmp-folder",
"phpUnit": {
"configDir": "app",
"customPath": "\/path\/to\/phpunit-6.1.phar"
"mutators": {
"global-ignore": [
"global-ignoreSourceCodeByRegex": [
"@default": true,
"@function_signature": false,
"TrueValue": {
"ignore": [
"ignoreSourceCodeByRegex": [
"initialTestsPhpOptions": "-d",
"testFrameworkOptions": "--filter=Unit"

If you want to override settings locally, create and commit to VCS infection.json5.dist but locally use infection.json5 which should be ignored (e.g. in .gitignore).

By default, Infection uses json5 format for configuration file. It allows using comments, ES5-like keys and many more. But if you for some reason can’t use it, Infection also supports json format.

Configuration settings

How to use custom autoloader or bootstrap file

If you have a custom autoloader or bootstrap file for your application, you should tell Infection about it.

For example, you have

// custom-autoloader.php

require 'NonPsr4CompliantFile.php';

then you have to add it to the infection.json5 file:

"bootstrap": "./custom-autoloader.php"

Thus, Infection will know how to autoload NonPsr4CompliantFile class. Without adding it to the config, Infection will not be able to create Mutations because internally it uses new \ReflectionClass() objects.

Running Infection

Ensure that your tests are all in a passing state (incomplete and skipped tests are allowed). Infection will quit if any of your tests are failing.

If you have installed Infection as a global composer package, just run it in your project’s root:


or if you cloned it to some folder:

# cd /path/to/project/root


Running with Xdebug

In order to run Infection with Xdebug, you have several options:

Enable Xdebug globally

In this case just run

./infection.phar --threads=4

Enable Xdebug per process

Since Infection needs Xdebug only to generate code coverage in a separate process, it is possible to enable debugger just there.

Assuming Xdebug is disabled globally, run

./infection.phar --initial-tests-php-options="-d"

Running with phpdbg

In order to run Infection with phpdbg instead of Xdebug, you need to execute the following command:

phpdbg -qrr infection.phar

Running without debugger

It is possible to run Infection without any debugger enabled. However, in this case you should provide already generated code coverage as an option

./infection.phar --coverage=path/to/coverage

Read more what types of coverage Infection requires and how to do it.

@infection-ignore-all support

Infection supports @infection-ignore-all annotation on class, method, and statement level.

The following class will not be mutated even though it might have few covered lines.

* @infection-ignore-all
class Calculator
public function add(float $a, float $b): float
return $a + $b;

In this example, method generate() will be skipped from mutation logic, but getDependencies() will be mutated as usual method.

class ProductFixture
* @infection-ignore-all
public function generate(): void
// generate logic

public function getDependencies(): array
return [CategoryFixture::class];

Likewise, given this annotation Infection won’t consider anything in this loop:

/** @infection-ignore-all */
foreach ($foo as $bar) {

Exposed environment variables

Infection exposes a couple of environment variables: