Code scanning feature to highlight potential security issues in source code
Proposal
We currently have SAST that checks source code for known vulnerabilities. This feature request is different in that it scans for patterns in the code that raise concerns due to security smells or security hotspots, as described here.
In addition, the request is to integrate an approval workflow in merge requests before merging.