The Rough Auditing Tool for Security is an open source tool developed by Secure Software Engineers. Since then it has been acquired by Fortify, which continues to distribute it free of charge (here external link). It scans various languages, including C, C++, Perl, PHP and Python.

https://security.web.cern.ch/security/recommendations/en/codetools/rats.shtml