I'm guessing you were using tools like coverity? I actually never used such tools. I mostly did manual reviews and sometimes implemented fuzzers with AFL. But most of the code I looked at was crypto code. Did that at Matasano/NCC Group from 2015-2019
it's been 15 years so I don't remember the names of the tools, but coverity rings a bell. There was one that we used to make fun of a lot because it was written in Java, but it was by far the best at finding stuff. It would even show you the AST to help point out problems. I'm suddenly feeling really nostalgic about GUIs written in Swing and SWT :-D
