https://www.zaproxy.org/
A GitHub Action for running the OWASP ZAP Full Scan to perform Dynamic Application Security Testing (DAST).
https://github.com/marketplace/actions/owasp-zap-full-scan
https://github.com/analysis-tools-dev/dynamic-analysis
https://github.com/analysis-tools-dev/static-analysis