Comment by locknitpicker

> But the entire value is that it can be automated. If you try to automate a small model to look for vulnerabilities over 10,000 files, it's going to say there are 9,500 vulns. Or none. Both are worthless without human intervention.

How is this preferable or even comparable with using COTS security scanners and static code analysis tools?