SAST tools

Cppcheck (C/C++)

Cppcheck is a static analysis tool for C/C++ code. It provides unique code analysis to detect bugs and focuses on detecting undefined behaviour and dangerous coding constructs. The goal is to have very few false positives. Cppcheck is designed to be able to analyze your C/C++ code even if it has non-standard syntax (common in embedded projects).

Dlint (Python)

Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.

progpilot (PHP)

A static analysis tool for security

NodeJsScan (JavaScript)

Static security code scanner (SAST) for Node.js applications.

PHPStan (PHP)

PHP Static Analysis Tool - discover bugs in your code without running it!

PMD (Java)

PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth.