lgtm.com is a platform for code analytics. It's free to use for open source software; results for over 55k projects are readily available (add your own!), has automatic code review pull request integration (GitHub, Bitbucket, GitLab), and much more.
WhiteSource Bolt is a FREE tool that scans all of your projects to detect vulnerable open source components. It provides actionable remediation paths to enable a quick fix. Available on Github & Azure DevOps Marketplaces: bolt.whitesourcesoftware.com