> Maybe next they can sell something to find the bugs in the security scanner ?

So, tokens are used to produce sloppy code, and then this thing uses more tokens to fix vulnerabilities in the slop ? Whats not to like in this business model ? Similar to microsoft's. Create an OS which is vulnerable, and then enable business models for anti-virus software. Everyone wins.

More seriously, linters are turned off in ci because the amount of time spent chasing false-positives is prohibitive.