PHP_CodeSniffer
Download:
https://packagist.org/packages/squizlabs/php_codesniffer (Composer version, recommended)
http://pear.php.net/package/PHP_CodeSniffer (PEAR version)
PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files to detect and fix violations of a defined set of coding standards.
It checks whether PHP code conforms to a coding standard, and can also be used for version compatibility checks.
phpsecinfo
Download: http://phpsec.org/projects/phpsecinfo/
PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.
Put simply: this tool checks your PHP configuration file and provides security recommendations.
php RIPS
Download: http://rips-scanner.sourceforge.net/
RIPS - A static source code analyser for vulnerabilities in PHP scripts
A static scanning tool for PHP code.