I think that isn’t true. It seems semgrep is for that, a tool I didn’t know of until the other day (see JuliaCon video on it), and that it added support for Julia in 2023:
Static Code Analysis with JuliaHub: Scanning with Semgrep
Introducing Scanning with Semgrep in JuliaHub Static Code Analysis
Likely should be added here (where you can see other static-analysis tools [including for Julia]): GitHub - analysis-tools-dev/static-analysis: ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
GitHub - JuliaComputing/semgrep-rules-julia: Julia rules for semgrep