Consider leveraging SonarCloud

[toddbaert]

We can consider implementing https://github.com/apps/sonarcloud, which is free for OSS projects. The CNCF doesn't seem to provide any free SAST tools.

[thomaspoignant]

I use it and it is quite easy to setup, you just have to create an account on https://sonarcloud.io/ and link the GitHub account.