* [gosec v2.25.0](https://github.com/securego/gosec) – Inspects Go source code for security issues by scanning the AST and SSA representations.

* [Node File Trace 1.4.0](https://github.com/vercel/nft) – Node.js dependency tracer that lists all runtime files and node_modules required by an application.

* [Semgrep v1.156.0](https://github.com/semgrep/semgrep) – Fast static analysis tool that searches code for bugs and enforces coding standards.

* [revive v1.15.0](https://github.com/mgechev/revive) – Fast and configurable linter for Go with support for custom rules and strict presets.

* [Syft v1.42.2](https://github.com/anchore/syft) – CLI tool and library for generating Software Bill of Materials from container images and filesystems.

* [Dependency cruiser v17.3.9](https://github.com/sverweij/dependency-cruiser) – Validate and visualize project dependencies with customizable rules.

* [CodeBoarding v0.9.5](https://github.com/CodeBoarding/CodeBoarding) – LLM-enhanced static-analysis tool that generates interactive, high-level diagrams of codebases to aid onboarding and comprehension.

* [Grant v0.6.3](https://github.com/anchore/grant) – CLI and Go library for scanning and enforcing software licenses in container images, SBOMs, and filesystems.

* [skott skott@0.35.8](https://github.com/antoine-coulon/skott) – Minimalist developer tool to generate and visualize directed graphs of JavaScript/TypeScript project dependencies with metadata and circular dependency detection.

* [stank v0.0.42](https://github.com/mcandre/stank) – Recursively finds POSIX-derived shell scripts and provides their paths for external linters.

* [Qodana v2025.3.2](https://github.com/JetBrains/qodana-action) – Code quality monitoring tool that identifies and suggests fixes for bugs, security vulnerabilities, and code duplications.

* [SonarJS 12.1.0.39434](https://github.com/SonarSource/SonarJS) – Static code analyzer for JavaScript, TypeScript, and CSS providing code quality, security rules, and metrics.