FIXME **Le PAD pour proposer une amélioration à cette page :** https://pad.zenk-security.com/p/merci


====== PHP ======

🛠 PHPStan v0.11.19 releases: PHP Static Analysis Tool https://securityonline.info/phpstan-php-static-analysis/

🛠 Cheatsheet for finding vulnerable PHP code using grep https://github.com/dustyfresh/PHP-vulnerability-audit-cheatsheet

🛠 We help your business to secure PHP and Java web applications with language specific code analysis. https://www.ripstech.com/

🛠 exakat
https://www.exakat.io/


🛠 SensioLabs
SensioLabs leverage composer.lock file to check for known security risk. https://security.sensiolabs.org/

🛠 phpcs-security-audit v2 https://github.com/FloeDesignTechnologies/phpcs-security-audit

🛠 Progpilot - A static analyzer for security purposes https://github.com/designsecurity/progpilot

🛠 RIPS - A static source code analyser for vulnerabilities in PHP scripts http://rips-scanner.sourceforge.net/
https://github.com/bizonix/rips-scanner  https://github.com/ripsscanner/rips https://github.com/robocoder/rips-scanner

🛠 A static source code analyser for vulnerabilities in PHP scripts  https://github.com/67iendymarm/taklamakan-scanner

🛠 Static source php code analyser for Security vulnerablitites https://github.com/rjcrystal/scaps

🛠 PHP static source code analyser  https://github.com/ganbarodigital/php-fact-builder

🛠 Vulture - Static source code analyser for PHP web applications vulnerabilities. https://github.com/darioghilardi/vulture


🛠 [AppChecker](https://npo-echelon.ru/en/solutions/appchecker.php) - static analysis tool for finding bugs, weaknesses and vulnerabilities in source code

🛠 [Code insight](https://github.com/console-helpers/code-insight) - A tool for analysing other project code bases.

🛠 [Churn-PHP](https://github.com/bmitch/churn-php.git) - Discover files in need of refactoring.

🛠 [Eir](https://github.com/Lixody/Eir) - A static vulnerability analysis tool written in C#.

🛠 [Grabber]
( http://rgaucher.info/beta/grabber/ ) Grabber, a python based tool to perform hybrid analysis on a PHP-based application using PHP-SAT.

🛠 [Exakat](http://www.exakat.io/) - Smart static analysis.

🛠 [jscpd](https://github.com/kucherenko/jscpd) - Copy/paste detector for programming source code. 

🛠 [Mondrian](https://github.com/Trismegiste/Mondrian) - A code analysis tool using Graph Theory.


🛠 [noverify](https://github.com/VKCOM/noverify) - Pretty fast linter (code static analysis utility) for PHP.

🛠 [Pfff](https://github.com/facebook/pfff) - Tools for code analysis, visualizations, or style-preserving source transformation.

🛠 [PHP Analysis](https://github.com/cwi-swat/php-analysis) - A library for analysing and modifying PHP Source Code in Rascal (PHP AiR).

🛠 [PHParch](https://github.com/j6s/phparch.git) - PHPArch is a work in progress architectural testing library for PHP projects.
 
🛠 [PHP Assumption](https://github.com/rskuipers/php-assumptions.git) - Finds <a href="http://rskuipers.com/entry/from-assumptions-to-assertions">weak assumptions</a> in the code, suggest to turn them into stronger validations.

🛠 [PhpCodeAnalyzer](https://github.com/wapmorgan/PhpCodeAnalyzer.git) - Finds usage of non-built-in extensions.

🛠 [PHPCodeFixer](https://github.com/wapmorgan/PhpCodeFixer) -  Finds usage of deprecated functions, variables and ini directives.

🛠 [php7mar](https://github.com/Alexia/php7mar) - PHP 7 Migration Assistant Report.

🛠 [phpcallgraph](http://phpcallgraph.sourceforge.net/) - Generate static call graphs. Such a graph visualizes the call dependencies among methods or functions of an application..

🛠 [PHPCPD](https://github.com/sebastianbergmann/phpcpd) - Spots copy/pasted code, and help enforcing DRY rule.

🛠 [Phan](https://github.com/etsy/phan) - The static analyzer by Rasmus, PHP Creator.

🛠 [Phinder](https://github.com/sider/phinder.git) - PHP code piece finder

🛠 [Phortress](https://github.com/lowjoel/phortress) - A PHP static code analyser for potential vulnerabilities.

🛠 [PHP Code Static Analysis](https://github.com/joaaoleite/code-static-analysis) - PHP Code static analysis program made in nodeJS.

🛠 [PHP Inspection](https://plugins.jetbrains.com/plugin/7622?pr=idea) - Static analysis plugin for PHPStorm.

🛠 [PHP Integrator](https://github.com/php-integrator) - Indexes PHP code and performs static analysis for Atom editor.

🛠 [Phlint](https://gitlab.com/phlint/phlint) - Phlint is a tool with an aim to help maintain quality of php code by analyzing code and pointing out potential code issues.

🛠 [PHP lint](http://php.net/manual/en/features.commandline.options.php) - PHP itself, able to detect syntax error from command line.

🛠 [PHPlint](http://www.icosaedro.it/phplint/) - A validator and documentator for PHP 5 programs.

🛠 [PHP-Parallel-Lint](https://github.com/JakubOnderka/PHP-Parallel-Lint) - A parallel php linting tool for PHP 5.3.3 or newer

🛠 [PHP Magic Number Detector](https://github.com/povils/phpmnd) - PHP Magic Number Detector

🛠 [PHP-malware-finder](https://github.com/nbs-system/php-malware-finder) - Detect potentially malicious PHP files

🛠 [PHP Mess Detector](http://phpmd.org/) - Look for several potential problems within source code.

🛠 [PHP Reaper](https://github.com/emanuil/php-reaper.git) - Scan ADOdb code for SQL Injections.

🛠 [PHP SA](https://github.com/ovr/phpsa) - A development tool aimed at bringing complex analysis for PHP applications and libraries.

🛠 [PHP Stan](https://github.com/phpstan/phpstan) - Focuses on finding errors in code without actually running it.

🛠 [PHP Unlocker](http://emanuilslavov.com/php-unlocker/) - Detect potential, unintended DB table locks for PHP applications using ADOdb. Uses static analysis methods.

🛠 [PHP testability](https://github.com/edsonmedina/php_testability) - Analyses and produces a report with testability issues of a php codebase.

🛠 [PHP vuln hunter](https://github.com/OneSourceCat/phpvulhunter) - Scan PHP vulnerabilities automatically using static analysis methods.

🛠 [Progpilot](https://github.com/designsecurity/progpilot) - A static analysis tool for security purposes.

🛠 [Psalm](https://getpsalm.org/) - A static analysis tool for finding errors in PHP applications.

🛠 [psecio:parse](https://github.com/psecio/parse.git) - Parse : A PHP Security Scanner.

🛠 [SonarQube](http://www.sonarqube.org/) - An open platform to manage code quality. It covers PHP code.


🛠 [SonarPHP]
(https://www.sonarsource.com/products/codeanalyzers/sonarphp.html) - SonarPHP by SonarSource uses pattern matching, data flow techniques to find vulnerabilities in PHP codes. It is a static code analyzer and integrates with Eclipse, IntelliJ

🛠 [Side Channel Analyzer](https://github.com/olivo/side-channel-analyzer) - Search for side-channel vulnerable code.

🛠 [TaintPHP](https://github.com/olivo/TaintPHP.git) - Static Taint Analyzer.

🛠 [Taint'em All](http://taint.spro.ink/) - A taint analysis tool for the PHP language, it makes use of Static Taint Analysis + Symbolic Execution.

🛠 [Tuli](https://github.com/ircmaxell/Tuli) - A static analysis engine.

🛠 [Unused-scanner](https://github.com/Insolita/unused-scanner.git) - Detect unused composer dependencies

🛠 [WAP](https://www.owasp.org/index.php/OWASP_WAP-Web_Application_Protection) - Tool to detect and correct input validation vulnerabilities in PHP (4.0 or higher) web applications and predicts false positives. 

🛠 [PHP VarDump Check](https://github.com/JakubOnderka/PHP-Var-Dump-Check) - PHP console application for finding forgotten variable dump.

🛠 [17eyes](https://github.com/17eyes/17eyes) - PHP static analyzer written in Haskell.

🛠 [PHP Sandbox](http://sandbox.onlinephpfunctions.com/) Test your PHP code with this code tester