Code scanning can now be set up to never cause a pull request check failure.
By default, any code scanning alerts with a
high will cause a pull request check failure.
You can specify which
security-severity level for code scanning results should cause the code scanning check to fail, including
None, by going to the Code security and Analysis tab in the repository settings.
This has shipped to GitHub.com and will be available in GitHub Enterprise Server 3.9. Learn more about severity levels for security alerts and Code scanning results check failures on pull requests.