For a free and easy way to scan your code for quality issues, check out SonarQube Community Edition.
For a free and easy way to run a SAST and SCA scan on your source code, check out Semgrep. You can see a working GitHub Action on my project:
Here are some examples of common vulnerabilities seen in source code.