Code scanning can now be set up to never cause a pull request check failure.
By default, any code scanning alerts with a security-severity of critical or high will cause a pull request check failure.
You can specify which security-severity level for code scanning results should cause the code scanning check to fail, including None, by going to the Code security and Analysis tab in the repository settings.
This has shipped to GitHub.com and will be available in GitHub Enterprise Server 3.9. Learn more about severity levels for security alerts and Code scanning results check failures on pull requests.