Automated Security Checks, including Checkmarx
Here at PublishPress, we deeply care about the security of our plugins.
We aim to solve all security issues. Our goal is develop, test, release and announce patches as quickly as possible after issues have been discovered.
If you have found a possible issue, please read this guide on how to report to our team.
On several occasions, we've had reports from automated security scans. The most common provider of these is Checkmarx.
If these scans find any issues, we definitely do want to hear the details.
However, we do have a note of caution: these automated reports can sometimes produce a high rate of false positives. The scans are often useful indicators of potential problems that should be checked by a developer.
If you run one of these automated reports, please do contact us if it finds issues. Please don't assume that the issues in the report are either correct or incorrect: seek confirmation from a human developer.