Bug finders
Tools that report issues in the code that are, or lead to, bugs.
- Eir – Eir is a static vulnerability analysis tool for PHP applications written in C#
- Exakat – Smart static analysis for PHP
- Mondrian – A code analysis tool using Graph Theory.
- php-analysis – PHP Analysis in Rascal (PHP AiR).
- PHP Assumption – Finds weak assumptions in the code and suggests turning them into stronger validations.
- PhpCodeAnalyzer – finds usage of non-built-in extensions in your PHP code.
- PHPCodeFixer – finds usage of deprecated functions, variables and ini directives in your PHP code.
- php7mar – PHP 7 Migration Assistant Report.
- phpcallgraph – PHP 7 Migration Assistant Report.
- PHPCPD – phpcpd spots copy/pasted code and helps enforce the DRY rule.
- Phan – The static analyzer by Rasmus.
- PHP Inspection – Static analysis for PhpStorm.
- PHP lint – PHP itself, able to detect syntax errors from the command line.
- PHPlint – PHPLint is a validator and documentator for PHP 5 programs
- PHP Mess Detector – PHPMD takes a given PHP source code base and looks for several potential problems within that source.
- PHP Reaper – PHP tool to scan ADOdb code for SQL Injections
- PHP SA – PHPSA is a development tool aimed at bringing complex analysis for PHP applications and libraries.
- PHP Stan – “PHPStan focuses on finding errors in your code without actually running it.”
- PHP Unlocker – “PHP-Unlocker is a static analysis tool that detects potential, unintended DB table locks for PHP applications using ADOdb.”
- PHP vuln hunter – A tool that can scan for PHP vulnerabilities automatically using static analysis methods
- RIPS – A static source code analyser for vulnerabilities in PHP scripts
- psecio:parse – Parse: A PHP Security Scanner
- SonarQube – An open platform to manage code quality. It covers PHP code.
- Side Channel Analyzer – Search for side-channel vulnerable code.
- TaintPHP – Static Taint Analysis for PHP web applications.
- Tuli – A static analysis engine
- 17eyes – “PHP static analyzer written in Haskell”