Scrutinizer has the most advanced static analysis engine that is available for PHP code. It goes beyond simple style checks for whether you make use of certain language features. We track how data flows through your application to detect security issues, bugs, unused code, and much more.
Using Scrutinizer, you also benefit from the knowledge of thousands of PHP developers that are already using our service. Based on their behavior, Scrutinizer automatically learns which issues are likely to be false-positives and filters them for you providing you more useful results.
If you like, we also allow you to run certain open-source tools like PHP Code Sniffer to execute your own checks in case you have some already.
We automatically enable the checks that we believe are most useful for your project by default. If you would like to fine-tune these checks, you can use the config editor, and also filter false-positives using the web-interface.
If you would like to start over, the most minimal configuration looks like this:
checks: php: true
By default, Scrutinizer will analyze all files ending with
.php in your project. If you have generated code, or dependencies
embedded in your project, or would like to exclude your tests from the analysis, this can be achieved easily:
# .scrutinizer.yml filter: excluded_paths: - tests/*
Learn more about excluding files from the analysis.