I've been dealing with a much larger codebase than I've been exposed to before, so I wanted a high-level overview. Sonar-Qube seems to be the leading static source code analyzer out there.

I went to install it on homebrew. The docs didn't cover that. Steps:
brew install sonar-qube
brew install sonar-runner
sonar start
Check localhost:9000 and you should see the interface.

Log in by clicking at the top-right. Default login is admin/admin.

To set up sonar-runner, add sonar-project.properties with basic configs to the root directory of your project. Further details at Analysis Parameters.

Include a comma-separated list of source folders. Exclude some files per Narrowing the Focus.

Specify the proper language; it seems the extension is usually the way (e.g., js for javascript - javascript itself didn't seem to work). If you omit any languages, "multi-language mode" will trigger and provide a consolidated report.

Install the proper plugins from the GUI since you're an administrator (see above).

Bonus: install SonarLint for IntelliJ.

Further analysis

There seem to be dozens of other tools, and it's not clear how much they add. One thing I'd like to see is UML diagramming and call graphs for Javascript; there are a few tools mentioned in tools to generate UML diagrams for exisiting classes in javascript (Stackoverflow) but all look like they'd take a lot of work to get running. There's also jscomplexity.org and the complexity-report, codeclimate.com.

For PHP, there is PHP_Depend (which has some interesting philosophical observations in its approach), and a variety of others listed at Is there a static code analyzer [like Lint] for PHP files?.