Here are the best PHP static analysis libraries, which can be used to debug software by examining the code without running the application.
Automatic source code analysis done without running the application is known as static analysis. Dynamic analysis refers to analysis carried out while a program is being executed. Static analysis frequently finds security flaws, performance problems, standard-compliance violations, and outdated programming structures. All static analysis tools share the fundamental idea of examining source code for coding patterns that are flagged with a warning or other information. Some programmers customize the static analysis tool to measure only portions of the code and report on a subset of rules, and use the result as an objective indicator of the quality of their code.
The top libraries listed below make static analysis of PHP source code straightforward for developers.
phpstan-
- Without running your code, PHPStan concentrates on locating problems in it.
- Finds entire classes of errors even before you write code tests.
- Brings PHP closer to compiled languages in that the validity of each line of code can be tested before running it.
phpstan by phpstan
PHP Static Analysis Tool - discover bugs in your code without running it!
PHP 11928 Version: 1.10.19 License: Permissive (MIT)
phan-
- Prefers to minimize false positives.
- Attempts to prove incorrectness rather than correctness.
- Can verify type compatibility on various operations.
- The most straightforward way to use Phan is via Composer.
phan by phan
Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.
PHP 5423 Version: 5.4.2 License: Others (Non-SPDX)
psalm-
- Takes care of taint analysis, type inference, and security analysis.
- Tends to find errors in PHP applications.
- It helps to maintain a wide variety of codebases.
psalm by vimeo
A static analysis tool for finding errors in PHP applications
PHP 5227 Version: 5.12.0 License: Permissive (MIT)
PhpMetrics-
- Provides metrics about PHP projects and classes.
- Generates beautiful and readable HTML reports.
- Understandable static analysis tool.
PhpMetrics by phpmetrics
Beautiful and understandable static analysis tool for PHP
PHP 2348 Version: v3.0.0rc3 License: Permissive (MIT)
noverify-
- Can analyze changes in git and show only new reports.
- Has PHP 7 and PHP 8 support.
- It is fast and can analyze 100k LOC/s.
noverify by VKCOM
Pretty fast linter (code static analysis utility) for PHP
Go 638 Version: v0.5.3 License: Permissive (MIT)
PhpDependencyAnalysis-
- Finds violations in a dependency graph.
- Extendable static code analysis for object-oriented PHP projects.
- Generates a dependency graph from abstract classes.
PhpDependencyAnalysis by mamuz
Static code analysis to find violations in a dependency graph
PHP 540 Version: v2.0.2 License: Permissive (MIT)
Mondrian-
- Uses graph theory for static analysis.
- Helps to add abstraction into concrete classes.
- The generated HTML file does not require any dependencies or a connection.
Mondrian by Trismegiste
A static php code analysis tool using the Graph Theory
PHP 382 Version: v1.3.3 License: No License
Exakat-
- Smart engine for static code analysis.
- Automated code review is possible.
- Is a great review tool and an analysis framework.
Vulny-Code-Static-Analysis-
- It is a Python script-based static analysis tool.
- Works based on regular expressions (regex).
- Can detect vulnerabilities in PHP source code.
Vulny-Code-Static-Analysis by swisskyrepo
Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
PHP 347 Version: Current License: Others (Non-SPDX)
progpilot-
- A tool specialized in static analysis for security.
- It is possible to use progpilot inside PHP code.
- The taint analysis configuration is customizable.