Tuesday, December 8, 2020

Code Quality Build tools

1. SonarQube - a static analysis tool that finds all kinds of problems in your code

2. Software Composition Analysis Tools: 

  • WhiteSource Bolt 
  • Black Duck
  • Snyk 

3. Zed Attack Proxy - a dynamic analysis tool which executes lightweight security penetration tests against your deployed code

To scan your website for OWASP Top 10 issues from an Azure release pipeline, see:
https://marketplace.visualstudio.com/items?itemName=CSE-DevOps.zap-scanner