I ran brakeman on our app and it found a bunch of things that were almost vulnerabilities because it was unable to work out the source of some data going in to a potentially unsafe function but after I inspected all of them, none of them were actual vulnerabilities. Meanwhile a bunch of real issues go undetected that could have been spotted in a language like rust.