APKHunt | Static code analysis for Android apps that is based on the OWASP MASVS framework | https://github.com/Cyber-Buddy/APKHunt | Free | code_analysis |
Brakeman | Static analysis security vulnerability scanner for Ruby on Rails applications | https://github.com/presidentbeef/brakeman | Free | code_analysis |
Joern | Code analysis platform for C/C++/Java/Binary/JavaScript/Python/Kotlin based on code property graphs | https://github.com/joernio/joern | Free | code_analysis |
APKLeaks | Scans APK files for URIs, endpoints and secrets | https://github.com/dwisiswant0/apkleaks | Free | code_analysis |
Bearer | Static application security testing tool that helps discover, filter, and prioritize security risks and vulnerabilities | https://github.com/bearer/bearer | Free | code_analysis |
Dawnscanner | Static analysis security scanner for web applications written in Ruby; supports Sinatra, Padrino and Ruby on Rails frameworks | https://github.com/thesp0nge/dawnscanner | Free | code_analysis |
CodeCat | Automatic code static analysis tool to detect bugs and vulnerabilities | https://github.com/CoolerVoid/codecat | Free | code_analysis |
CodeQL | Semantic code analysis engine for discovering vulnerabilities across a codebase; lets you query code as though it were data and write a query to find all variants of a vulnerability | https://github.com/github/codeql | Free | code_analysis |
Kube-hunter | Scanner for security weaknesses in Kubernetes clusters | https://github.com/aquasecurity/kube-hunter/ | Free | code_analysis |
Adhrit | Android APK reversing and analysis suite | https://github.com/abhi-r3v0/Adhrit | Free | code_analysis |
AndroBugs Framework | Android APK vulnerability analyzer | https://github.com/AndroBugs/AndroBugs_Framework | Free | code_analysis |
cIFrex | Regexp static code analysis | https://github.com/MaksymilianA/cifrex | Free | code_analysis |
LICMA | Language Independent Crypto-Misuse Analysis; multi-language analysis tool to identify incorrect initialization of crypto functions | https://github.com/stg-tud/licma | Free | code_analysis |
MobSF | Android APK vulnerability analyzer | https://github.com/MobSF/Mobile-Security-Framework-MobSF | Free | code_analysis |
Semgrep | Static analysis engine for detecting vulnerabilities for many languages | https://github.com/returntocorp/semgrep | Paid | code_analysis |
StaCoAn | Mobile applications static code analysis tool | https://github.com/vincentcox/StaCoAn | Free | code_analysis |
SUPER | Android APK vulnerability analyzer | https://github.com/SUPERAndroidAnalyzer/super | Free | code_analysis |
NodeJsScan | Static security code scanner for Node.js applications | https://github.com/ajinabraham/NodeJsScan | Free | code_analysis |
SonarQube | Automatic code review tool to detect bugs, vulnerabilities; continuous code inspection automated with static code analysis rules | https://github.com/SonarSource/sonarqube | Free | code_analysis |
Trivy | Vulnerability and misconfiguration scanner for containers (OS and language-specific packages) | https://github.com/aquasecurity/trivy | Free | code_analysis |
weggli | Semantic search tool for C and C++ designed to help security researchers identify interesting functionality in large codebases | https://github.com/weggli-rs/weggli | Free | code_analysis |
Tfsec | Misconfiguration scanner for Terraform code | https://github.com/aquasecurity/tfsec | Free | code_analysis |
wpBullet | Static code analysis for WordPress Plugins and Themes (and PHP) | https://github.com/webarx-security/wpbullet | Free | code_analysis |
QARK | Android APK vulnerability analyzer | https://github.com/linkedin/qark | Free | code_analysis |