Static code analyzer for grav and admin plugin

I am new to Grav and currently researching its code security. Is there already something that shows all the vulnerabilities the Grav code has, along with a list of false positives?

When we used a static code analyzer (Fortify), it found many vulnerabilities. It is possible that many of them are false positives; most of them are in the Grav core! What is the best way to introduce them to contributors?

We used Fortify to analyze the Grav code and check for any security risks.

Hi @lahar, you might find this info helpful: https://learn.getgrav.org/16/security/overview


Grav uses PHPStan, and to my knowledge there are no new reported, public vulnerabilities at this time.
