I've been working on static analysis products for almost a decade and I must admit I am not impressed with your "AST visitor approach" for creating custom checks. It seems you are doing the same as SonarQube.
However I am curious about your claim " Unlike any other code checker out there, we’ve conceived code error as patterns, not as rules." , could you be more specific?
Thanks for the feedback! Our "AST visitor" approach is currently not very different compared to existing methods. However, we store the whole AST (including earlier version of the code) in a graph for fast retrieval and add a lot of context information to each vertex in the code tree. Having the code patterns and faulty code in a database, we can make use of user-feedback to (semi-)automatically improve our code patterns for a given error using example-based learning. In that sense the algorithm is much more adaptable than existing technologies.
However I am curious about your claim " Unlike any other code checker out there, we’ve conceived code error as patterns, not as rules." , could you be more specific?