Scan is a free and open source DevSecOps tool for performing static-analysis-based security testing of your applications and their dependencies. CI and Git friendly.
For Python and PHP, the tools can perform taint analysis to identify both the source and the sink. Despite this, only the source is reported for Python and only the sink for PHP. It would be nice to report the sink as well and present both the source and the sink as codeFlows in SARIF.
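To make the request concrete, here is how a source-to-sink taint finding is expressed with SARIF 2.1.0 `codeFlows`: the `result.locations` entry still points at the sink (what most viewers treat as the primary location), while a `codeFlow` with a single `threadFlow` carries the ordered steps from source to sink, each tagged with `kinds`. This is an added illustration, not code from the Scan project; the rule id, tool name, file name, line numbers and snippets are constructed for the example.

```python
import json

# Constructed sample finding (not from any real scan): a request parameter
# in a hypothetical app.py reaches a shell command.
SAMPLE_FINDING = {
    "rule_id": "python-taint-command-injection",  # hypothetical rule id
    "message": "Untrusted input reaches a shell command",
    "source": {"file": "app.py", "line": 12,
               "snippet": "user = request.args.get('name')"},
    "sink": {"file": "app.py", "line": 20,
             "snippet": "os.system('echo ' + user)"},
}

SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"


def location(step):
    """Build a SARIF `location` object for one step of the taint flow."""
    return {
        "physicalLocation": {
            "artifactLocation": {"uri": step["file"]},
            "region": {
                "startLine": step["line"],
                "snippet": {"text": step["snippet"]},
            },
        }
    }


def thread_flow_location(step, kind, order):
    """A `threadFlowLocation`: the location plus free-form `kinds` and an
    explicit execution order so viewers render the steps in sequence."""
    return {"location": location(step), "kinds": ["taint", kind],
            "executionOrder": order}


def build_sarif_result(finding):
    """Turn a source/sink pair into a SARIF result carrying a codeFlow."""
    return {
        "ruleId": finding["rule_id"],
        "level": "error",
        "message": {"text": finding["message"]},
        # Primary location is the sink: that is where the fix usually goes.
        "locations": [location(finding["sink"])],
        "codeFlows": [{
            "threadFlows": [{
                "locations": [
                    thread_flow_location(finding["source"], "source", 1),
                    thread_flow_location(finding["sink"], "sink", 2),
                ]
            }]
        }],
    }


def build_sarif_log(findings):
    """Wrap results in a minimal SARIF 2.1.0 log with one run."""
    return {
        "$schema": SARIF_SCHEMA,
        "version": "2.1.0",
        "runs": [{
            # Hypothetical tool name, not the Scan project's driver.
            "tool": {"driver": {"name": "example-taint-scanner"}},
            "results": [build_sarif_result(f) for f in findings],
        }],
    }


def flow_endpoints(result):
    """Consumer-side check: recover (uri, line) of the first and last step
    of the first codeFlow, i.e. the reported source and sink."""
    steps = result["codeFlows"][0]["threadFlows"][0]["locations"]
    def endpoint(step):
        phys = step["location"]["physicalLocation"]
        return phys["artifactLocation"]["uri"], phys["region"]["startLine"]
    return endpoint(steps[0]), endpoint(steps[-1])


if __name__ == "__main__":
    print(json.dumps(build_sarif_log([SAMPLE_FINDING]), indent=2))
```

Running the block prints a SARIF log that tools such as the GitHub code-scanning viewer or the VS Code SARIF Viewer will render as a two-step flow, which is what reporting both ends of the taint path would buy the user: the vulnerable call and the untrusted input that feeds it, in one result.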