Mirsad — a lightweight, dependency-free, taint-aware PHP static security scanner (SAST). Single Python file, no install. Outputs SARIF for GitHub code scanning. MIT. - salah23222/php-security-scanner ...