I am working on a Cordova Application (Cordova 7.0.1) and am required to run a Source Scan on the Mobile App by our company's security team. I decided to create the Cordova Android (cordova-android 6.3.0) project and run the Source Scan on that.
The results include 143 findings, 36 of which are High severity. All of them are from the Cordova Java code in the Android project. I was astonished by this, since Cordova is widely used. Are these legitimate findings, and if so, do I have to change the Cordova code myself?
I was only able to find one relevant link on the topic: http://www-01.ibm.com/support/docview.wss?uid=swg21989966