The open source or freely available tools in this space do tend to be more focused on a single language. For example, FindBugs and PMD do static analysis for Java. They are mostly focused on quality issues, but they also find some security defects. For .NET environments, FxCop from Microsoft checks for quality and security issues.
The OWASP Orizon project is intended to be a cross-language framework for security source code review. It is currently in the early stages, but support for both Java and .NET is planned.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.