为了完整起见，还要检查phpCallGraph。

参见Semantic Designs的克隆检测工具CloneDR，它可以发现复制/粘贴/编辑的代码。

它将找到精确的和接近错误的代码片段，尽管有空白，注释，甚至变量重命名。PHP的检测报告样本可以在网站上找到。(我是作者。)

NetBeans IDE检查语法错误、不常用的变量等。它不是自动的，但对于小型或中型项目来说效果很好。

有一个用于PHP脚本漏洞的静态源代码分析器。RIPS的源代码可以在SourceForge上找到。

来自RIPS网站:

RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by userinput (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities RIPS also offers an integrated code audit framework for further manual analysis.

PHP Mess Detector非常棒，而且速度很快。

为了完整起见，还要检查phpCallGraph。