We use it in
https://shields.io/ for JavaScript. It finds semantic bugs that are really hard for humans to find. I think it especially shines at finding problems in old code. Yes, old code is good code, though it may not be secure. Also unused code, like React state that is set but never read.
I used it for Nock, too, to make some quick fixes: https://github.com/nock/nock/pull/1301/files
In Shields we have the PR app turned on and it keeps us alert to problems during the review process. It's slower than CI, though usually problems manifest early enough in the review process that they can be fixed before merge.
I used it for Nock, too, to make some quick fixes: https://github.com/nock/nock/pull/1301/files
In Shields we have the PR app turned on and it keeps us alert to problems during the review process. It's slower than CI, though usually problems manifest early enough in the review process that they can be fixed before merge.