You can now configure which code scanning alert severity levels cause a pull request check to fail. This lets you prevent pull requests that generate alerts with chosen severity levels from being merged into your codebase.
This is set at repository level, and lets you define whether alerts with severity
note will cause a pull request check to fail.
By default, code scanning alerts with severity
error will cause a pull request check failure.
For more information see "Defining which alert severity levels cause pull request check failure."