Reduce false positives in Security Reports
This is one of the main current pain points, according to our customers. I'd like to explore in this issue what we can do in the different areas that we cover (SAST, DAST, etc.) to change this situation. For too long we focused our attention on the scanners themselves, but it seems obvious now that we'll be using them for a while. Improving these analyzers is often beyond our ability or capacity. So we should also think outside the box, and explore what can be done elsewhere.
In the future, we might have our own engine and elaborate rules, but we also need to iterate in the meantime to fix the current situation. Items in the comments below should link to issues once they are created.
Edited by Philippe Lafoucrière