Tools for security and stability audits; what do you use?
As my apps are becoming more and more mission critical and get larger audiences I wonder how I can learn more about security and stability of my code. At the moment I use OWASP and SonarQube (love that!) for php and javascript, but they can be tricky to setup and give you a gazillion mistakes in frameworks like 'this code should be put on a new line'.
I'm curious, what do you do for auditing?