SAST for PHP

With the upcoming split between SAST and Dependency Scanning, PHP will "get out" of SAST. We only do Dependency Scanning for PHP projects. We can add PHP support to SAST with the following tools (to be benchmarked):

  • https://github.com/FloeDesignTechnologies/phpcs-security-audit
  • https://github.com/designsecurity/progpilot

If the tools are complementary, we can use both and filter duplicates (based on reported line).

/cc @bikebilly

Edited Mar 28, 2018 by Fabio Busatto