SAST for PHP
With the upcoming split between SAST and Dependency Scanning, PHP will "get out" of SAST. We only do Dependency Scanning for PHP projects. We can add PHP support to SAST with the following tools (to be benchmarked):
- https://github.com/FloeDesignTechnologies/phpcs-security-audit
- https://github.com/designsecurity/progpilot
If the tools are complementary, we can use both and filter duplicates (based on the reported line).
/cc @bikebilly
Edited by Fabio Busatto