Dawnscanner: Dawnscanner is an open source security source code analyzer for Ruby, supporting major MVC frameworks like Ruby on Rails, Padrino, and Sinatra. It also works on non-web applications written in Ruby.
Deep Dive: Byte code analysis tool for discovering vulnerabilities in Java deployments (EAR, WAR, JAR).
Graudit: Scans multiple languages for various security flaws. Essentially a security-enhanced grep for source code.
./graudit -A /src/php/app
HCL AppScan CodeSweep: This is the first Community edition version of AppScan. It is delivered as a VS Code plugin and scans files upon saving them. The results show the location of a finding, its type, and remediation advice. The tool currently supports Python, Ruby, JS (Node, Angular, JQuery, etc.), PHP, Perl, COBOL, APEX, and a few more.
Progpilot: Progpilot is a static analyzer tool for PHP that detects security vulnerabilities such as XSS and SQL Injection.
Security Code Scan: Static code analyzer for .NET. It will find SQL injections, LDAP injections, XXE, cryptographic weaknesses, XSS and more.
ShiftLeft Scan: A free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines by bundling various open source scanners into the pipeline.
phpcs-security-audit: A set of PHP_CodeSniffer rules that find security-related flaws or weaknesses in PHP and its popular CMSs or frameworks. It currently has core PHP rules as well as Drupal 7 specific rules.