RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by userinput (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities RIPS also offers an integrated code audit framework for further manual analysis.
This is a docker image for running RIPS.
How to use this image:
docker run -p 80:80 -v /path/to/src:/src kws1/rips
Then just access RIPS using a browser. Specify the path /src and analyze your code. It's possible to make RIPS listen on another port if 80 is already taken.