* [Semgrep v1.165.0](https://github.com/semgrep/semgrep) – Fast static analysis tool that searches code for bugs and enforces coding standards.

* [Syft v1.45.0](https://github.com/anchore/syft) – CLI tool and library for generating Software Bill of Materials from container images and filesystems.

* [gosec v2.27.0](https://github.com/securego/gosec) – Inspects Go source code for security issues by scanning the AST and SSA representations.

* [CodeBoarding v0.12.0](https://github.com/CodeBoarding/CodeBoarding) – LLM-enhanced static-analysis tool that generates interactive, high-level diagrams of codebases to aid onboarding and comprehension.

* [Dependency cruiser v17.4.3](https://github.com/sverweij/dependency-cruiser) – Validate and visualize project dependencies with customizable rules.

* [WALA v1.7.2](https://github.com/wala/WALA) – Static analysis capabilities for Java bytecode, JavaScript, and related languages.

* [Grant v0.6.6](https://github.com/anchore/grant) – CLI and Go library for scanning and enforcing software licenses in container images, SBOMs, and filesystems.

* [nilnil v1.1.2](https://github.com/Antonboom/nilnil) – Go linter detecting simultaneous return of nil error and invalid value.

* [SonarJS 12.5.0.41048](https://github.com/SonarSource/SonarJS) – Static code analyzer for JavaScript, TypeScript, and CSS providing code quality, security rules, and metrics.