Like Quertime on Facebook!

20 Tools to Analyze Your Website Codes

Filed under Web Development

Can you only imagine checking the code manually, reading each line to find bugs? It would take almost the same time as the development itself and would never guarantee the quality. But the solution exists – now lot’s of static analysis tools are available to help the coders detect serious bugs on the early stages of development. That allows fixing the defects before the code is given to the QA team. As you know, bugs found later are always more expensive to fix.


Static analysis – is a software analysis accomplished without actually running the software. Such kind of analysis is not performed in a runtime environment. The obvious advantage of such tools is the possibility to examine the code of both web and mobile applications. Moreover, static analysis detects bugs and flaws that cannot be found during web scanning alone.

That’s why we decided to prepare the list of useful tools to analyze the website’s codes.

1. PhpMetrics is an open-source project for code analysis that scores your project with beautiful graphs. It can be integrated with Jenkins or Sonar. The reports can also be shown in many formats (XML, violations, HTML, CSV…).


Phpmetrics explores the code and provides tons of metrics:

  • Complexity: Cyclomatic complexity, Myer’s interval, Relative system complexity
  • Volume: Vocabulary, Data complexity, Lines of code, Readability…
  • Object Oriented: Lack of cohesion of methods, Coupling, Abstraction…
  • Maintainability: Maintainability index, Halstead’s metrics, Effort…

The main advantage of this tool is creating clear and readable indicators, comprehensive even for non-specialists.

2. Phpstan is a PHP Static Analysis Tool, that discovers the bugs in your code without running it. It checks the correctness of each line of code before you run this line. PHPStan allows to catch whole classes of bugs even without writing tests for the code.

3. ESLint – JavaScript linting utility. This tool allows the developers to create their own linting rules, that are completely pluggable. ESLint is a real godsend for JavaScript developers as this language is known to be one of the most dynamic and popular nowadays. That means that the possibility of the human mistake is very high, but ESLint is here to prevent those mistakes.

4. PHPCPD – is a tool that scans the PHP code and detects the copy/paste. Sometimes copy pasting the code may lead to bugs and mistakes if they were included into the code that had been copied. This tool is a perfect solution to find the duplicates in the PHP code (for example if you need to test someone else’s code).

5. PHPMD – PHP mess detector that finds potential problems in code like possible bugs, suboptimal code, overcomplicated expressions, and unused parameters, methods, properties. This tool analyzes code in order to prevent length problems in code, controversial rules, noncompliance of names rules or containing the useless functions.

6. PHP_CodeSniffer contains two scripts for PHP. The first one (phpcs) is the tokenizer of PHP, JavaScript and CSS codes. It detects the possible violations of coding standards. The second one (phpcbf) automatically corrects the found mistakes (violations of coding standards). PHP Code Sniffer helps to keep the code clean and coherent.

7. Codeception is a PHP testing framework. It allows you to describe the entire test in the form of a script in the most simple way. You fully repeat the action of the user who uses your web application: click on links, fill in forms and expect some result. Using Codeception, you write a test that accurately reflects user’s actions. The process of writing a test is extremely simple when using auto-completion in IDE. By the way, we use the customized version of this framework to check both front-end and back-end in GBKSOFT.


8. Mocha – one of the most popular and powerful JavaScript testing framework, working both with Node.js and browser. It can be also used with another JavaScript assertion libraries.

9. Karma is a test runner for JavaScript. The main feature of this tool is testing the code in real browsers and devices. You can add Karma plugin to almost any testing framework (Jasmine, Mocha, QUnit etc).

10. JSHint is a simple open-source JavaScript analysis tool which is used by such companies as Facebook, Wikipedia, Twitter, Yahoo! etc. How it works: you enter the piece of code right on the main page and it displays the report right there.

11. Checkstyle is a tool, which aims to help the developers keep their code to the coding standards. Though it supports Google Java Style Guide and Sun Code Conventions, Checkstyle is rather adaptive.

12. Soot – is a java optimization framework, used for getting analyze, optimization and visualization of Java and Android apps.

13. FindBugs – is a free tool used for static analysis, finding bugs in Java code. It scans the code and allots the warnings (instead of calling them bugs) and divides these warnings into ranks: (i) scariest, (ii) scary, (iii) troubling and (iv) of concern. This helps the developer to understand the possible serenity of such warnings.

14. JArchitect – promising tool detecting various code smells like dead-code, entangled code, bad OOP usage or API breaking changes. It visualizes the debts in code via trend charts, dependency matrix and graph, code metrics colored treemaping.

15. RIPS – is a tool for detecting real security issues in PHP apps that works amazingly fast. It helps the developers and business owners to amend the security risks in time. Available as self-hosted version and as SaaS. You can subscribe or perform one-time security check.

16. Fortify Static Code Analyzer – is a product made by HP to detect security vulnerabilities in your code on the early stages of development. This tool performs the analysis in a short time that helps the developers to produce their product faster and to succeed on the market.

17. Coverity – an open-source tool that provides analysis of projects written in C, C++, Java C# or JavaScript. Coverity provides developers with clear and very detailed issues report that helps in further elimination of the found problems.

18. Veracode – static analysis platform used to review Java, NET, JavaScript (including AngularJS, Node.js, and jQuery), Python, PHP, Ruby on Rails, ColdFusion, and Classic ASP, C/C++ etc. This tool is focusing on code security.

19. Parasoft – static analysis tool that combines Pattern Based Static Analysis, Flow-Based Static Analysis, Third-Party Static Analysis (open-source or custom), Metrics Analysis, and Multivariate Analysis. This tool detects and prevents serious defects in code and gives the visualized insights to the user.


20. CodeSonar differs from other tools because it creates an abstract model of your app to analyze how it works, checks whether all the program paths are correct, examines the program variables and how they relate. It can also be customized by adding API if you need.

This is just a small fraction of all code analysis tools, available on the market. As you can see, they all can be divided according to such criterias:

  • Programming language they actually analyze.
  • Tools for static code analyze.
  • Tools for testing.

Besides all the analyzers, mentioned above, don’t forget using essential tools. Those tools can be trivial for some professionals, but we’d like to list them anyway. Just in case you don’t know about them yet.

Bonus tools to check your website’s performance:

Google speed test
Can be used for the website that already exists. The test shows the insights of the desktop and mobile version of the website. You see not only the general rate of performance but also the possible improvements that can be implemented to level the website.

Screaming Frog
This SEO Spider Tool is the desktop program, that can be installed at any PC, Mac or Linux. It crawls the website’s elements and allows you to analyse the results in real-time.
What you get with this tool:

  • Find broken links
  • Analyse Page Titles & Meta Data
  • Audit Redirects
  • Discover Duplicate Content
  • Review Robots & Directives
  • Extract Data with XPath
  • Generate XML Sitemaps
  • Integrate with Google Analytics

Bottom line

Of course the list of tools for code analysis can be extended but we tried to mention the best solutions in one article. Since you have this list, we hope your code will be clear and comprehensive code as we do 😉

Guest Author: Peter

Peter – chief software developer at GBKSOFT, web and mobile app development company. He is a real profy in engineering, system administration, QA, and a security review.

Tags: , ,