The solution is a static code analysis tool. That's basically what we use it for in our organization.
What is SonarCloud?
SonarCloud is the leading online service to catch Bugs and Security Vulnerabilities in your Pull Requests and throughout your code repositories. Totally free for open-source projects (paid plan for private projects), SonarCloud pairs with existing cloud-based CI/CD workflows, and provides clear resolution guidance for any Code Quality or Code Security issue it detects. With more than 1 billion lines of code analyzed every week, SonarCloud empowers development teams of all sizes to write cleaner and safer code, across 24 programming languages.
Microsoft, Apache, Wikimedia Foundation, Brave