Getting started

Quickstart

Encode your first PHP project, issue a license, and ship the protected build — from the native desktop app or the scop CLI in CI.

Pre-release. SourceCop is in pre-1.0 preview. The desktop encoder and scop CLI surface below are stable in shape but commands may change before v1.0. Track the changelog for breaking notes.

This walks through encoding a single PHP project end-to-end: download the encoder, open your project, set license options, encode, then ship the protected build to the customer’s server.

1. Download SourceCop

Grab the build for your machine from sourcecop.com/download. Native desktop encoder for macOS (Intel & Apple Silicon), Windows, and Linux (x86_64 & arm64). The scop CLI ships in the same install.

No daemon, no rooted container, no telemetry. Your source never leaves the box you encode on.

2. Open your project in the desktop app

Launch SourceCop. Pick the PHP project you want to protect — point at a folder on disk; the encoder works locally on a copy and writes a protected build to an output directory you choose. Nothing uploads anywhere.

The app shows: source tree, target loader configuration, license options, and an encode-progress panel.

3. Set your license options

Bind the protected build to the customer you’re shipping it to:

  • Domainacme.example.com (the protected code only runs on that host)
  • Expiry — license stops working after a date you set
  • Machine — optional hardware fingerprint lock for high-trust deployments

Licenses are signed offline with your project key. The customer’s server verifies locally — no callback to a SourceCop server, no callback to you. License files travel alongside the protected build.

4. Encode

Click Encode. SourceCop reads your PHP source, transforms it into a non-readable, tamper-resistant form, and writes the protected build to the output directory along with the license file. Done in seconds for small projects, minutes for large ones.

5. Ship the protected build

Drop the output directory on the customer’s PHP host — Apache, nginx, shared hosting, managed PaaS, anywhere standard PHP runs. The protected code executes; the source remains unreadable.

Same flow from CI

Everything the desktop app does is available headlessly from the scop CLI for release pipelines. The minimum:

scop encode ./src -o ./dist \
  --php 8.3 \
  --domain acme.example.com \
  --expires 2027-06-04

That produces the same protected build the desktop app would, signed with the same project key. Wire it into GitHub Actions, GitLab CI, or whatever you already run release builds in — see the CLI reference for the full surface.

Last updated 2026-06-04.