ZupIT / horusec

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Home Page: https://horusec.io/


Rules Coverage of Horusec

MarkLee131 opened this issue · comments

What would you like to be added:
Hi, I am performing an evaluation study on Java SAST tools, and I noticed that Horusec performs better than other tools such as SpotBugs (with FindSecurityBugs) when run on our dataset.

  • However, we found that Horusec does not support scanning for vulnerabilities related to CWE-682 and CWE-697, which is an interesting point to us. So we would like to ask the developers why these types are not supported. We infer that it is because these types overlap with other CWE classes, but we are not sure.

  • Another concern is that we found the time performance of Horusec to be better than Semgrep's, although Semgrep is one of the tools integrated within it. Is there any optimization technique or architecture behind this?

We would appreciate it if you could kindly explain these points.