I've been following this thread for a good while. I'm responsible for recommending security tools for a large professional community in the UK.
I'm not currently able to recommend this product, however passionate the developers might be.
In this thread there seems to be some conflation around security practices of:
1. the business itself with respect to penetration testing, security and integrity of the code (to prevent malicious code being added to source), process security (to defend against social engineering of the developers etc) and so on.
2. the code base and arch