Sentinel
A developer ecosystem for you to write vulnerability-free code :)
Created on 2nd March 2025
The problem Sentinel solves
For aeons, people have been writing code that is filled with vulnerabilities and really inefficient typings.
A solution is much needed to catch these in real time, WHILE the code is being written and WHILE it is about to be integrated into a much larger-scale product.
What else could be a solution to this other than a VSCode extension and a GitHub app (bot), where 95% of the world writes their code?
Sentinel (the extension) and Sentirism (the GitHub application) give developers real-time checks while they write code. The checks are rules enforced via YARA configs, which are selected dynamically based on the language the user is writing in. Users are also free to define their own rules. When a rule is triggered, it is shown visually in the IDE as a potential warning. The SecBERT transformer running in the background will also suggest ways users can improve their code.
Furthermore, the GitHub application runs a number of security checks, such as Trivy, Syft and Grype, to analyze the SBOM of the product, and the fine-tuned transformer also performs line-by-line code review, just like CodeRabbit.
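The language-based rule selection and IDE warnings described above, sketched as an added example (this is not Sentinel's own code). The rule ids, patterns, extension map and sample file are all constructed, and plain regexes stand in for compiled YARA rules so the sketch runs without a YARA engine:

```javascript
// Added example; rule ids, patterns and the sample file are constructed.
// Each regex stands in for a string from a compiled YARA rule.
const RULES = {
  python: [
    { id: "py_eval_call", re: /\beval\s*\(/g, msg: "eval() call" },
    { id: "py_yaml_unsafe_load", re: /\byaml\.load\s*\((?![^)]*Loader)/g, msg: "yaml.load without an explicit Loader" },
    { id: "py_subprocess_shell", re: /shell\s*=\s*True/g, msg: "subprocess call with shell=True" },
  ],
  javascript: [
    { id: "js_inner_html", re: /\.innerHTML\s*=/g, msg: "assignment to innerHTML" },
    { id: "js_eval_call", re: /\beval\s*\(/g, msg: "eval() call" },
  ],
};
const EXT_TO_LANG = { ".py": "python", ".js": "javascript", ".mjs": "javascript" };

// Pick the rule set from the file extension; user-defined rules are appended.
function selectRules(fileName, userRules = {}) {
  const dot = fileName.lastIndexOf(".");
  const lang = dot < 0 ? undefined : EXT_TO_LANG[fileName.slice(dot).toLowerCase()];
  if (!lang) return [];
  return [...RULES[lang], ...(userRules[lang] || [])];
}

// Scan line by line and return editor-style warnings (0-based line and columns).
function scan(fileName, text, userRules = {}) {
  const diagnostics = [];
  const rules = selectRules(fileName, userRules);
  text.split(/\r?\n/).forEach((line, lineNo) => {
    for (const rule of rules) {
      for (const m of line.matchAll(rule.re)) {
        diagnostics.push({
          rule: rule.id, message: rule.msg, severity: "warning",
          line: lineNo, startCol: m.index, endCol: m.index + m[0].length,
        });
      }
    }
  });
  return diagnostics;
}

// Constructed sample input: two risky lines and one safe yaml.load call.
const SAMPLE_PY = [
  "import subprocess, yaml",
  "cfg = yaml.load(open('c.yml'))",
  "subprocess.run(cmd, shell=True)",
  "safe = yaml.load(f, Loader=yaml.SafeLoader)",
].join("\n");

console.log(scan("app.py", SAMPLE_PY));
```

Each returned object carries the line and column range an editor needs to underline the match, and files with an unmapped extension get no rules at all.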
Challenges we ran into
It was tricky to fine-tune SecBERT but we managed in the end :)
Technologies used
