I don’t know how good this is but from one tweet by someone who might (or might not) know… I was impressed 
It looks worth trying for anyone writing secure code (it teaches security, in part by spotting security flaws and suggesting fixes) for…
Jacks is a cloud-based developer tool that works with you as you code,
using technologies you are already familiar with. Through source-code
analysis of your GitHub repo, Jacks identifies areas of improvement and
provides actionable recommendations so that you can write secure code
faster. Jacks is available at a free tier for developers using
JavaScript in the ExpressJS, NodeJS, HapiJS, and AngularJS frameworks
and Java in the Spring framework.
Apparently it is now free, so off you go…