What source code vulnerability scanning tools are best for securing web applications written in PHP?
1 Reply
RIPS, the tool that you mentioned you are currently using, is a popular comprehensive PHP source code scanner, and one of the best for large applications, especially if you are looking to peruse potential vulnerabilities using a GUI.
Please find below a non-comprehensive list of a few other PHP source code vulnerability scanners that would be worth giving a try:
PHP Vulnerability Hunter, which looks for vulnerabilities like cross-site scripting (XSS), SQL injection and the like in your PHP applications
Grabber, a vulnerability scanner for smaller projects written in PHP, also provided as a tool by the folks at Kali Linux, a popular Linux distribution for locating security vulnerabilities
SensioLabs' security checker, which checks your application's dependencies for vulnerabilities using Composer
Psalm, another PHP application tool that utilizes Composer to find vulnerabilities in the application's software dependencies
PHP Malware Finder, another option, which scans for malicious strings in PHP files utilizing the open source YARA project
Additionally, the link below contains a list of additional packages that can help scan your PHP source code for security vulnerabilities, as well as scan for other bugs that could lead to security issues:
PHP Static Analysis Tools - Bugs Finders
If you find any additional vulnerability scanners for PHP that I did not list here, please be sure to leave a comment to let the Community know!
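To make concrete what the source code scanners listed in this answer do, here is an added example (not part of the original answer and not the code of RIPS, PHP Vulnerability Hunter or any other tool named above): a deliberately minimal, line-based taint tracker in Python. It marks values read from request superglobals as attacker-controlled, clears that mark when a recognised sanitizer is applied, and reports when a still-tainted value reaches a SQL or output sink. The PHP snippet it scans is constructed for the example; real scanners work on a parsed AST with proper data-flow analysis rather than regular expressions, so this only illustrates the source-to-sink reasoning, not a production-grade check.

```python
"""Toy taint-style scanner for PHP source (added example, not a real tool's code)."""
import re
from dataclasses import dataclass

# Request-controlled superglobals: anything read from them is attacker-influenced.
SUPERGLOBALS = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
VARIABLE = re.compile(r"\$[A-Za-z_]\w*")
ASSIGNMENT = re.compile(r"^\s*(\$[A-Za-z_]\w*)\s*=\s*(.+);\s*$")

# Sanitizers and the vulnerability classes they neutralise (assumed, simplified list).
SANITIZERS = [
    (re.compile(r"\(int\)|intval\("), {"sql", "xss"}),        # numeric cast: safe for both
    (re.compile(r"mysqli_real_escape_string\("), {"sql"}),
    (re.compile(r"htmlspecialchars\(|htmlentities\("), {"xss"}),
]

# Sinks: places where tainted data must not arrive unsanitised.
SINKS = {
    "sql": re.compile(r"mysqli_query\(|mysql_query\(|->query\("),
    "xss": re.compile(r"^\s*(?:echo|print)\b"),
}


@dataclass
class Finding:
    line: int
    kind: str
    code: str


def taint_of(expr, tainted):
    """Return the set of vulnerability classes for which `expr` is still dangerous."""
    classes = set()
    if SUPERGLOBALS.search(expr):
        classes |= {"sql", "xss"}
    for var in VARIABLE.findall(expr):
        classes |= tainted.get(var, set())
    for pattern, cleared in SANITIZERS:
        if pattern.search(expr):
            classes -= cleared
    return classes


def scan(source):
    """Scan PHP source top to bottom, tracking taint per variable name."""
    tainted = {}   # variable name -> classes it is still tainted for
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        match = ASSIGNMENT.match(line)
        # For an assignment only the right-hand side flows into a sink on this line.
        expr = match.group(2) if match else line
        classes = taint_of(expr, tainted)
        for kind, sink in SINKS.items():
            if sink.search(line) and kind in classes:
                findings.append(Finding(number, kind, line.strip()))
        if match:
            var = match.group(1)
            if classes:
                tainted[var] = classes
            else:
                tainted.pop(var, None)   # reassigned from a clean expression
    return findings


# Constructed sample, not real application code.
SAMPLE_PHP = """<?php
// constructed sample for the scanner above
$id = $_GET['id'];
$name = htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8');
$safe_id = (int) $_GET['id'];
$result = mysqli_query($db, "SELECT * FROM users WHERE id = $id");
$result = mysqli_query($db, "SELECT * FROM users WHERE id = $safe_id");
echo "Hello " . $_GET['user'];
echo "Hello " . $name;
"""


def scan_sample():
    """Convenience wrapper so the expected findings can be checked by name."""
    return [(f.line, f.kind) for f in scan(SAMPLE_PHP)]


if __name__ == "__main__":
    for finding in scan(SAMPLE_PHP):
        print(f"line {finding.line}: possible {finding.kind.upper()} -> {finding.code}")
```

Running it reports line 6 (the `$id` query) as SQL injection and line 8 (the direct `echo` of `$_GET`) as XSS, while line 7 (integer cast) and line 9 (`htmlspecialchars`) pass. Note that `$name` stays tainted for SQL even though it is clean for output: sanitizers are context-specific, which is why the tracker keeps a per-class taint set rather than a single "safe" flag.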