I like working with application-code-reviewer (ACR), it will evaluate your application for any harmful practices and generate an overview of potential issues. Each issue is categorized with a specific level, and documentation is provided to explain the reasons behind its detrimental nature. As a developer, you have the option to selectively whitelist certain problems.
https://www.clevr.com/solutions/developer-suite/application-code-reviewer