Tooling SAST Tools CodeQL (github.com) Download | SonarQube | Sonar (sonarsource.com) Semgrep — Find bugs and enforce code standards GitHub - facebook/mariana-trench: Our security focused static analysis tool for Android and Java applications.