Its a DevSec tool rather than traditional security static analysis focused on a very specific but important use case of helping developers avoid using vulnerable or insecure open-source libraries.