Welcome!
That doesn’t seem like a very good first task to take on if you’re not very familiar with rails and Discourse.
The Discourse team takes security very seriously and, in addition to their team of full-time developers, has HackerOne actively looking for security issues: HackerOne. See also How secure is Discourse?
Unless you’re testing the security of code that you developed, I’d recommend that you spend your time on mostly anything else. The likelihood that an automated tool will identify a legitimate security issue is very, very, close to nil. There are a bunch of people with a better sense of sucurity issues in Rails and Discourse than you who are actively working on the job.