Phan is a static analyzer for PHP that prefers to minimize false-positives. Phan attempts to prove incorrectness rather than correctness. It looks for common issues and will verify type compatibility on various operations when type information is available or can be deduced. Phan has a good (but not comprehensive) understanding of flow control and does not attempt to track values.
You can get Phan installed using :
composer require phan/phan
Then you’ll want to create a .phan/config.php file in your project to tell Phan how to analyze your source code. Once configured, you can run it via ./vendor/bin/phan. Phan is able to perform tons of code analysis such as checking that all methods, functions, classes, traits, interfaces, constants, properties and variables are defined and accessible, and checking for PHP7/PHP5 backward compatibility.
Phan could be used in CI/CD such as Travis, Appveyor or Jenkins. Since it will exit with a non-zero exit code if 1 or more errors are detected, many Continuous integration tools can be used to detect that exit code and cause the build to fail.
Phan is written by Rasmus Lerdorf and Andrew Morrison, and released under an MIT license.
