Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.

There are various ‘egg’ modules which contain patterns to scan for, it can scan through files recursively limited by file extension and logs results to an XML text file.

It’s also fairly easy to extend and add your own modules/eggs/languages.

Manual Static Analysis Tool Language Support

Languages it can scan for vulnerabilities are:

ASP

C

C#

Java

JavaScript

PHP

Ruby

Swift

You can download Mosca here:

Mosca-master.zip

Or read more here.