In terms of source code scanning, there is no one-size-fits-all solution. There is also no scanning tool that produces zero false positives while detecting 100% of real issues. Therefore, for the same programming language, it is common to apply at least two scanning tools and cross-reference their results: a finding reported by both tools deserves attention first, and a finding reported by only one is a candidate for manual triage rather than something to discard.
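The cross-reference check described above, as an added example that is not part of the original text: two scanners' findings are merged so that results reported by both tools are flagged as corroborated and the rest are queued for manual review. The `Finding` format, the line tolerance and the sample data are constructed assumptions; real tools each emit their own report format and need a small adapter to normalise into this shape.

```python
# Added example (not from the original text): cross-reference two scanners'
# findings so that a result reported by both can be prioritised, while a
# single-source result is queued for manual triage. The Finding format and
# the sample data below are constructed; real tools each emit their own
# output and need a small adapter to normalise it into this shape.
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    tool: str
    file: str
    line: int
    category: str  # normalised category, e.g. "buffer-overflow", "sqli"


def cross_reference(findings_a, findings_b, line_tolerance=2):
    """Return (corroborated, single_source).

    A finding is corroborated when the other tool reports the same category
    in the same file within line_tolerance lines (tools often disagree on
    the exact line). Each B finding is matched at most once.
    """
    corroborated, single_source, used_b = [], [], set()
    for fa in findings_a:
        for idx, fb in enumerate(findings_b):
            if (idx not in used_b and fa.file == fb.file
                    and fa.category == fb.category
                    and abs(fa.line - fb.line) <= line_tolerance):
                used_b.add(idx)
                corroborated.append((fa, fb))
                break
        else:  # no B finding matched this A finding
            single_source.append(fa)
    single_source += [fb for i, fb in enumerate(findings_b) if i not in used_b]
    return corroborated, single_source


# Constructed sample findings, not real scanner output.
TOOL_A = [
    Finding("tool-a", "src/login.c", 42, "buffer-overflow"),
    Finding("tool-a", "src/db.c", 120, "sqli"),
    Finding("tool-a", "src/util.c", 7, "format-string"),
]
TOOL_B = [
    Finding("tool-b", "src/login.c", 43, "buffer-overflow"),  # same bug, line off by one
    Finding("tool-b", "src/db.c", 121, "xss"),                # same spot, different category
    Finding("tool-b", "src/net.c", 300, "buffer-overflow"),
]
```

With the sample data, only the `src/login.c` buffer overflow is corroborated; the other four findings go to the triage queue.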
Here are some commonly used open-source secure coding analysis tools, as of 2018. Note that only open-source tools are listed here:
| Tools | Background and key characteristics of the scanning tool |
| --- | --- |
| Retire.JS | |
| Clang ... | |