SAST Scanners
Semgrep
Static analysis for 30+ languages
e.g., p/security-audit, p/owasp-top-ten
njsscan
Node.js security scanner
SonarQube
Code quality & security analysis โ runs as a built-in service, managed automatically.
AI Review
AI-powered code vulnerability detection
DAST Scanners
OWASP ZAP
Dynamic application security testing