9.11.1. 通用
- Cobra
- Semmle QL
- Sourcetrail free and open-source cross-platform source explorer
- trivy A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
- fortify
9.11.2. PHP
- RIPS
- prvd
- phpvulhunter
- chip a simple tool to detect potential security threat in php code
9.11.4. Java
- find sec bugs
- Gadget Inspector A byte code analyzer for finding deserialization gadget chains in Java applications