Software analytics tool


#1

Do you know any software analytics tool for PHP?


#2

That does what exactly?


#3

Static analysis, not just that, but then you can see the quality of your code in terms of security, maintainability and other software characteristics… Do you use any?


#4

Haven’t used any professionally; it’s supposedly covered with writing tests and doing code reviews. Many companies I’ve seen have had code style checkers in place on the build servers, but that’s as far as I’ve seen it go. These usually also provide stats like code duplication and similar. I’m not sure a tool to check security in the code does anything really. I’d even consider it could worsen security as people could start to rely on it instead of making sure themselves / with reviews that you don’t do stupid stuff.

What would be nice would be to automate a vulnerability scanner on third party dependencies.
https://security.sensiolabs.org/

There are similar tools for other managers as well, e.g. for npm.


#5

I don’t know of anything along those lines, but I am familiar with the metrics like that from unit testing. That will give you code coverage and such, but security is a complicated matter. How would you grade whether security was in fact passing or not?

The .NET family of code is high on metrics and I still don’t know of the existence of it on that platform.