I am new to grav and currently researching its code security. Is there already something shows all vulnerabilities that the grav code has and list of false positives?
When we have used static code analyzer(fortify) it found many vulnerabilities. It is possible that many of them are false positives, most of them are in grav core! What is the best way to introduce them to contributors?
We used fortify to analyze the grav code and see any security risk.
https://www.microfocus.com/en-us/products/static-code-analysis-sast/overview