The Next Step Is to Run a Custom Credo

The next step would be something that actually do security focused analysis. And then, dializer, next step. I know that some people do not put specs in the project. But it's up to you which code check you will enable or disable. This is only pliable to the project where you actually have a DB. It does a couple of checks that may help you in the project as things such as SQL injection, cross-site scripting, insecure configuration, et cetera. You can see a list of things that it checks on a GitHub, for instance.