Is there any specific integration for scanning WordPress plugins? There are a number of WordPress specific security flaws to look out for. For example one-time security tokens (nonces). There’s more on plugin and theme security on WordPress codex site.
I found another discussion about general WordPress analysis, but it seems it didn’t go anywhere. Did you make any progress on this since 2018? Did any other WordPress plugin authors get in touch with similar questions/requirements?