It can detect 141 different vulnerability types with over 823 unique API signatures.
Cover popular frameworks including Spring-MVC, Struts, Tapestry and many more.
Plugins are available for Eclipse, IntelliJ / Android Studio and NetBeans. Command line integration is available with Ant and Maven.
Extensive references are given for each bug patterns with references to OWASP Top 10 and CWE.
The project is open-source and is open for contributions.