Hi,

I don't think there is any dedicated tool which can be run on Pega applications. As you have mentioned that you are aware of Rule Security Analyzer.This tool searches through non-autogenerated rules to find specific JavaScript or SQL coding patterns that may indicate a security vulnerability. (will not operate on rules in standard Pega- Rulesets).

Also during runtime, you can make use of PegaALERTS log which would log few SECUXXX alerts based on the different security use-cases. (like invalid chars detected, CSRF attack detected and many others)

Refer to Security alerts section for the list of alerts and individual alert details 

https://community.pega.com/knowledgebase/articles/performance-alerts-se…

Hope this helps!

Thank You,