https://github.com/wireghoul/graudit
Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.
graudit uses extended regular expressions (POSIX) as it's signatures and comes with several databases ready for use. You can extend the existing databases or make your own if you require additional signatures.
Databases can be loaded from multiple locations, the order of precedence is as follows:
The following databases are included: