I'm looking for a tool, that can not just staticaly alnalyze code but also discover performance botlenecks and security holes.
I found three of them:
SensioLabsInsight - includes also checking Twig tempalates and is more or less focused on Symfony2 world.
CodeClimate - checks also JS and Ruby
CodeClimate and Scrutinizer are quiet expensive compared to SensioLabsInsight.
There are already similar questions like "Is there a good/robust PHP Lint or code quality tool?" or "Is there a tool for PHP that displays code quality metrics in a consice manner?" but I would rather use a tool that is not just aimed on static analysis.
I'm curious if any of you have personal experience and used any of the tools in a real project where you could say that it really helped you to spot potentionaly vulnerable code or basically any kind of useful information that can't be detected with just static analysis.