We developed Code Sight’s SAST engine for speed from the ground up. It builds upon the effective, resilient frameworks and APIs that have benefitted Synopsys Coverity for years.
Rapid Scan Static currently has a set of 24 taint flow checkers for Java that will help you find vulnerabilities such as SQL Injection, Path Traversal, and Command Injection. The team is currently hard at work adding more checkers and bringing taint flow analysis to other languages that Rapid Scan Static supports. In terms of modeling, the current engine focuses on the dominant framework for Java web application development, Spring. Of course, we plan to evolve our support for Spring and expand to other frameworks.