Consider enabling CodeQL

I just learned about CodeQL and it seems quite interesting for detecting vulnerabilities.
Is there something you have had experience in the past?
Would it be worth it to enable CodeQL scanning on this repository?