SonarSource provides a static code analysis for Apex. Based on our own technology, it can find Bugs, Security Vulnerabilities, and Code Smells. As with everything we develop at SonarSource, it was built on the principles of depth, accuracy, and speed.
SonarSource's Apex analysis has a great coverage of well-established quality standards. This capability is available in Eclipse and VS Code for developers (SonarLint) as well as throughout the development chain for automated code review with self-hosted SonarQube or cloud-based SonarCloud.
SonarSource's Apex analysis supports all the standard metrics implemented by SonarQube including Cognitive Complexity.