Here's a good one: A few years back, I had a quick stint as a WordPress PHP magician. The PHP community has a tool called PHP CodeSniffer. The WordPress community has a collection of "sniffs" (rules) to enforce coding conventions[0]. One folder of rules is called "Security"[1]. Set up a git pre-commit hook to run phpcs with whatever set of rules you like and it will give you a list of things you need to fix before your code can be committed. Automatically.
In the JS/webpack/React world, there's ESLint. You can write custom rules to automatically check for and enforce whatever you have on your checklist.
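As an added illustration of the hook described above (not the commenter's own script), here is a pre-commit hook that sniffs only the staged PHP files with the WordPress Security sniffs; it assumes phpcs and the WordPress Coding Standards are installed, and the sniff codes and environment variable names are this example's choices.

```shell
#!/bin/sh
# Added example: .git/hooks/pre-commit running PHP_CodeSniffer over staged PHP.
# Assumes phpcs + WordPress Coding Standards are installed. The sniff list
# below is WPCS's Security folder; swap in whatever ruleset you enforce.
set -eu

PHPCS_STANDARD="${PHPCS_STANDARD:-WordPress}"
PHPCS_SNIFFS="${PHPCS_SNIFFS:-WordPress.Security.EscapeOutput,WordPress.Security.NonceVerification,WordPress.Security.ValidatedSanitizedInput}"

# Keep only PHP source paths from a newline-separated list on stdin.
filter_php_files() {
  grep -iE '\.(php|inc)$' || true
}

# Paths staged for this commit: added, copied, modified or renamed (deletions skipped).
staged_php_files() {
  git diff --cached --name-only --diff-filter=ACMR | filter_php_files
}

# Sniff the *staged* blobs copied into a scratch tree, not the working-tree
# files, so an unstaged edit cannot hide a finding in what actually gets committed.
run_sniffs() {
  files="$1"
  [ -n "$files" ] || return 0
  command -v phpcs >/dev/null 2>&1 || { echo "pre-commit: phpcs not installed" >&2; return 1; }
  tmp="$(mktemp -d)"
  trap 'rm -rf "$tmp"' EXIT
  printf '%s\n' "$files" | while IFS= read -r f; do
    mkdir -p "$tmp/$(dirname "$f")"
    git show ":$f" > "$tmp/$f"
  done
  # -s prints the sniff code beside each finding; a non-zero exit blocks the commit.
  (cd "$tmp" && printf '%s\n' "$files" | xargs phpcs -s --standard="$PHPCS_STANDARD" --sniffs="$PHPCS_SNIFFS")
}

main() {
  files="$(staged_php_files)"
  if ! run_sniffs "$files"; then
    echo "pre-commit: fix the findings above before committing" >&2
    exit 1
  fi
}

# Only act when installed as the hook; sourcing the file elsewhere skips this.
case "$(basename "$0")" in pre-commit) main ;; esac
```

Paths containing whitespace would need NUL-separated handling (`git diff -z`, `xargs -0`) before this is production-ready.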