actions / dependency-review-action

A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs
MIT License
596 stars, 103 forks

`fail-on-severity` should still show lower severity vulnerabilities #775

Open mario-campos opened 3 months ago

mario-campos commented 3 months ago

While one may want to fail the workflow run if a vulnerability meets a certain severity level, it would still be nice to see the lower-severity vulnerabilities that are being introduced, if only for informational purposes.

IIRC, the current behavior is that, when fail-on-severity is set, the Action only reports/shows vulnerabilities that meet that severity level, and ignores all others. The difference that I'm requesting is to still show the lower severity vulnerabilities, but not fail on them.