We used popular Java SAST benchmarks to track progress and transparency in our SAST capabilities. We published scores for three top-performing benchmarks: OWASP, SecurityShepherd, and WebGoat, along with ground truths and instructions on how to reproduce the results. Our approach involved selecting projects based on popularity, vulnerability, test cases, and vendor neutrality. The scores demonstrate a high True Positive Rate (TPR) of 90% and a low False Discovery Rate (FDR), indicating accurate detection of security issues. We provide ground truths and ignored-findings.json files to facilitate replication of the results and encourage human review of detected Security Hotspots. Our goal is to bring transparency and help companies make informed decisions about their SAST solutions.