SAST (Static Application Security Testing)

Static application security testing (SAST) is a set of technologies designed to analyze application source code, byte code and binaries for coding and design conditions that are indicative of security vulnerabilities. SAST solutions analyze an application from the “inside out” in a non-running state.

  • Gitleaks: SAST tool for detecting hardcoded secrets like passwords, API keys, and tokens in Git repos.
  • GuardRails: GuardRails empowers developers to find, fix, and prevent security vulnerabilities in their web and mobile applications.
  • SonarQube
  • Try SonarQube