Free static aplication security testing tool for open-source code (opens in new tab)

Its a DevSec tool rather than traditional security static analysis focused on a very specific but important use case of helping developers avoid using vulnerable or insecure open-source libraries.