Need to run static code analysis weekly for several repos to detect dependency vulnerabilities and SAST issues. What are my best options?

This page summarizes the projects mentioned and recommended in the original post on /r/devsecops
Code Analysis Sonarqube Code Quality Static Analysis

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • SonarQube

    Continuous Inspection

    • I would start with Sonarqube. you can even pay for more languages - https://www.sonarqube.org/

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts