Syhunt's whitebox scan (source code scan) can uncover multiple classes of application vulnerabilities and also identify key areas of the code that need review. Its static source code analysis functionality can detect cross-site scripting, file inclusion, SQL injection, command execution and validation problems. Initially only PHP was supported. As of today, multiple web programming languages are supported.
Follow along with this guide to learn how to perform a source code scan and generate a vulnerability report.
At the end of the scan, you can click Generate a Report to save the results as an HTML report or in any other preferred format.