I did some searching today for PHP static analysis tools, and came across some interesting ones.
PHP-Front: Not yet even at v0.1 yet, but I await the release eagerly. You can download unstable releases if you want to test it out.
PHP-SAT: Made by the same people (person?) as PHP-Front, and also not yet even at v0.1 yet. You can download unstable releases if you want to test it out.
Pixy: This looks like an academic project, but at least they have something working! The analysis tool deals mainly with detecting XSS vulnerabilities.
Searching for PHP dynamic analysis tools did not turn out as fruitful.