95% seem to be essentially professional box tickers. They don’t care about security, but only about process compliance. As long as the scanner finds no CVEs, the app is secure.
I want people who actually know, how I can improve my code. I’m pretty sure I screwed up security stuff, but will never know.