Best Code Coverage Tools for PHP

"Parasoft delivers an AI‑powered software testing platform that helps organizations continuously release high‑quality software. Our solutions support embedded and enterprise teams by integrating code analysis, testing, virtualization, and coverage into the delivery pipeline to improve security, reliability, and compliance while reducing cost and effort. Parasoft C/C++test provides static analysis, unit testing, code coverage, and requirements traceability for C and C++ applications. It integrates with Eclipse and Visual Studio, supports CI/CD automation, and is TÜV‑certified for safety‑ and security‑critical systems. Parasoft C/C++test CT is a scalable, compliance‑ready solution for C and C++ teams. It integrates into CI/CD workflows, supports open‑source unit testing frameworks, containers, VS Code, Bazel build systems, eliminates IDE dependencies, and is TÜV‑certified for safety‑ and security‑critical development."

Codacy is a comprehensive platform for code quality and security that helps development teams build secure, maintainable, and compliant software. It integrates across the entire development lifecycle, from IDE to production, providing real-time feedback and automated checks. Codacy analyzes code repositories, enforces quality standards, and detects vulnerabilities before deployment. With AI Guardrails, it also protects against risks introduced by AI-generated code. The platform centralizes rules and policies, ensuring consistency across teams and projects. Developers benefit from automated pull request checks, test coverage tracking, and actionable insights. Overall, Codacy enables faster development without compromising security or code quality.

Develop healthier code. Improve your code review workflow and quality. Codecov provides highly integrated tools to group, merge, archive, and compare coverage reports. Free for open source. Plans starting at $10/user per month. Ruby, Python, C++, Javascript, and more. Plug and play into any CI product and workflow. No setup required. Automatic report merging for all CI and languages into a single report. Get custom statuses on any group of coverage metrics. Review coverage reports by project, folder and type test (unit tests vs integration tests). Detailed report commented directly into your pull request. Codecov is SOC 2 Type II certified, which means a third-party audits and attests to our practices to secure our systems and your data.

DeepSource is an AI-powered code review platform designed to help development teams maintain high-quality, secure, and reliable code. The platform automates code reviews using a hybrid approach that combines static analysis with advanced AI agents. It integrates directly with development workflows through platforms like GitHub, GitLab, Bitbucket, and Azure DevOps. DeepSource analyzes pull requests in real time, identifying bugs, security vulnerabilities, code complexity issues, and maintainability risks before code reaches production. The system provides structured feedback and inline comments to help developers quickly understand and resolve issues. Additional features such as secrets detection, dependency vulnerability scanning, and infrastructure-as-code review strengthen application security. By automating repetitive review tasks and providing intelligent insights, DeepSource enables teams to ship software faster while maintaining strong code quality standards.

PHPUnit requires the dom and json extensions, which are normally enabled by default. PHPUnit also requires the pcre, reflection, and spl extensions. These standard extensions are enabled by default and cannot be disabled without patching PHP’s build system and/or C sources. The code coverage report feature requires the Xdebug (2.7.0 or later) and tokenizer extensions. Generating XML reports requires the xmlwriter extension. Unit Tests are primarily written as a good practice to help developers identify and fix bugs, to refactor code and to serve as documentation for a unit of software under test. To achieve these benefits, unit tests ideally should cover all the possible paths in a program. One unit test usually covers one specific path in one function or method. However a test method is not necessarily an encapsulated, independent entity. Often there are implicit dependencies between test methods, hidden in the implementation scenario of a test.

Xdebug is an extension for PHP, and provides a range of features to improve the PHP development experience. A way to step through your code in your IDE or editor while the script is executing. An improved var_dump() function, stack traces for notices, warnings, errors, and exceptions to highlight the code path to the error. Writes every function call, with arguments and invocation location to disk. Optionally also includes every variable assignment and return value for each function. Allows you, with the help of visualization tools, to analyze the performance of your PHP application and find bottlenecks. Shows which parts of your code base are executed when running unit tests with PHPUnit. Installing Xdebug with a package manager is often the fastest way. You can substitute the PHP version with the one that matches the PHP version that you are running. You can install Xdebug through PECL on Linux & macOS with Homebrew.

A self-contained CodeCoverage compatible driver for PHP. When PCOV is left unset, PCOV will attempt to find src, lib or, app in the current working directory, in that order; If none are found the current directory will be used, which may waste resources storing coverage information for the test suite. If PCOV contains test code, it's recommended to set the exclude command to avoid wasting resources. To avoid unnecessary allocation of additional arenas for traces and control flow graphs, PCOV should be set according to the memory required by the test suite. To avoid reallocation of tables, PCOV should be set to a number higher than the number of files that will be loaded during testing, inclusive of test files. interoperability with Xdebug is not possible. At an internal level, the executor function is overridden by PCOV, so any extension or SAPI which does the same will be broken. PCOV is zero cost, code runs at full speed.

Maximize your throughput and only release clean code SonarQube Cloud (formerly SonarCloud) automatically analyzes branches and decorates pull requests. Catch tricky bugs to prevent undefined behavior from impacting end-users. Fix vulnerabilities that compromise your app, and learn AppSec along the way with Security Hotspots. With just a few clicks you're up and running right where your code lives. Immediate access to the latest features and enhancements. Project dashboards keep teams and stakeholders informed on code quality and releasability. Display project badges and show your communities you're all about awesome. Code Quality and Code Security is a concern for your entire stack, from front-end to back-end. That’s why we cover 24 languages including Python, Java, C++, and many others. Transparency makes sense and that's why the trend is growing. Come join the fun, it's entirely free for open-source projects!

We help you deliver code confidently by showing which parts of your code aren’t covered by your test suite. Free for open-source repositories. Pro accounts for private repositories. Instant sign-up through GitHub, Bitbucket, and Gitlab. Maintaining a well-tested codebase is mission-critical. Figuring out where your tests are lacking can be painful. You're already running your tests on a continuous integration server, so shouldn't it be doing the heavy lifting? Coveralls works with your CI server and sifts through your coverage data to find issues you didn't even know you had before they become a problem. If you're just running your code coverage locally, you won't be able to see changes and trends that occur during your entire development cycle. Coveralls lets you inspect every detail of your coverage with unlimited history. Coveralls takes the pain out of tracking your code coverage. Know where you stand with your untested code. Develop with confidence that your code is covered.

Meet Agile development cycles while maintaining high-quality code. Use Jtest’s comprehensive set of Java testing tools to ensure defect-free coding through every stage of software development in the Java environment. Streamline Compliance With Security Standards. Ensure your Java code complies with industry security standards. Have compliance verification documentation automatically generated. Release Quality Software, Faster. Integrate Java testing tools to find defects faster and earlier. Save time and money by mitigating complicated and expensive problems down the line. Increase Your Return From Unit Testing. Achieve code coverage targets by creating a maintainable and optimized suite of JUnit tests. Get faster feedback from CI and within your IDE using smart test execution. Parasoft Jtest integrates tightly into your development ecosystem and CI/CD pipeline for real-time, intelligent feedback on your testing and compliance progress.