[Owasp-leaders] Static Code Analysis Tool for php?

Jonathan Marcil jonathan.marcil at owasp.org
Tue Dec 22 06:54:47 UTC 2015


Hi Katy,

I did this one two years ago and it's still useful nowadays as an assistant
for code review:
https://github.com/FloeDesignTechnologies/phpcs-security-audit

It is open source and based on PHP CodeSniffer. There's the RIPS stuff in
it, and more, and an implementation for CMS/Framework that supports Drupal
7.

If you want commercial support, I'll stay in OWASP fashion not to point any
in particular, but you would get good results if you were looking for code
quality scanner rather than just security.

Hope this helps and I'm not too late,

- Jonathan



On Mon, Dec 14, 2015 at 2:49 PM, Ibéria Medeiros <iberia.medeiros at owasp.org>
wrote:

> Hi,
>
> You hve this one too :-)
> http://awap.sourceforge.net/
> https://www.owasp.org/index.php/OWASP_WAP-Web_Application_Protection
>
> Best regards,
> Ibéria Medeiros
>
>
> On Mon, Dec 14, 2015 at 8:36 PM, Katy Anton <katy.anton at owasp.org> wrote:
>
>> Hi all,
>>
>> Does anyone has a  suggestion for a good static code analysis tool for
>> php?
>> Had a look at RIPS, but it looks version  0.5 development is abandoned.
>> http://sourceforge.net/projects/rips-scanner/
>>
>> Thanks a lot,
>>
>> *Katy Anton *
>>
>> OWASP Bristol (UK) Chapter Leader
>>
>> Email: katy.anton at owasp.org
>>
>>
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151221/c6d8504a/attachment.html>


More information about the OWASP-Leaders mailing list