I'm having a very quick tinker with a tool called SonarQube for code quality scanning.
One of my colleagues had asked whether SQ can scan scripts e.g. Bash, which made me go "Hmmmm" and start to play ...
As you'd expect, I started with a Docker container: -
docker pull sonarqube