SonarSource delivers what is probably the best static code analyzer you can find on the market for PHP. Based on our own PHP compiler front-end, it uses the most advanced techniques (pattern matching, dataflow analysis) to analyze code and find code smells, bugs and security vulnerabilities. As for any product we develop at SonarSource, it was built on the following principles: depth, accuracy and speed.

SonarPHP has a great coverage of well-established quality standards. The SonarPHP capability is available in Eclipse and IntelliJ for developers (SonarLint) as well as throughout the development chain for automated code review with self-hosted SonarQube or on-line SonarCloud.

Supported Frameworks and Standards
  • Provides profiles for Drupal, PSR-2.

Code Coverage by Tests: SonarPHP supports the import of Clover XML test coverage reports.

Custom Rules

SonarPHP supports custom rules written in Java.

Free & Open Source


Issue Tracker

Use in community edition

See all editions