security static analysis for php code

Hi,

Are there any recommendations for tools which can be used for security checks in static php code(or maybe run some tests against the code), preferably run this with each commit to avoid issues like password being exposed in plain text, potential system commands like exec being exposed in the code etc..

Thanks!