SonarSource delivers what is probably the best static code analysis you can find for PHP. Based on our own PHP compiler front-end, it uses the most advanced techniques (pattern matching, dataflow analysis) to analyze code and find Code Smells, Bugs, and Security Vulnerabilities. As with everything we develop at SonarSource, it was built on the principles of depth, accuracy and speed.

SonarSource's PHP analysis has a great coverage of well-established quality standards. This capability is available in Eclipse and IntelliJ for developers (SonarLint) as well as throughout the development chain for automated code review with self-hosted SonarQube or cloud-based SonarCloud.

Supported Frameworks and Standards
  • Provides profiles for Drupal, PSR-2.
  • Support for Laravel, Symfony, Zend and Laminas

SonarSource's PHP analysis supports all the standard metrics implemented by SonarQube including Cognitive Complexity. Additionally, it supports the import of Clover XML test coverage reports.

Custom Rules

SonarSource's PHP analysis supports custom rules written in Java.

Free & Open Source


Issue Tracker

Related Content