Qodana Action alternatives for AI agents.

DeepAudit：人人拥有的 AI 黑客战队，让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行，自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ，一键生成报告。支持中转站。​让安全不再昂贵，让审计不再复杂。

AI code reviews grounded in 12 classic engineering books — decay risk diagnostics with book citations, severity labels, and 6 analysis modes including full-sweep auto-fix

🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

⚠️ Stop saying "you forgot to …" in code review

📝 Source repository of Qodana Help

Catch the slop AI coding agents leave in your code: narrative comments, swallowed exceptions, as-any casts, dead code, oversized functions. 50+ rules across 8 languages (TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP). Sub-second, deterministic, no LLM at runtime. MIT-licensed.

GitHub on steroids

nodejsscan is a static security code scanner for Node.js applications.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

The developer platform for on-demand cloud development environments to create software faster and more securely.

🚀 PR Agent: The Original Open-Source PR Reviewer. This project It is not the Qodo free tier.

Your agent writes bad React. This catches it

Static Code Analysis - 静态代码分析

Annotate and review coding agent plans and code diffs visually, share with your team, send feedback to agents with one click.

Open-source & free — Battle-tested at Alibaba's scale. Hybrid architecture code review tool: deterministic pipelines + LLM Agent, precise line-level comments, built-in fine-tuned ruleset (NPE, thread-safety, XSS, SQL injection), OpenAI & Anthropic compatible.

🚫 Stop saying "you forgot to …" in code review (in Ruby)