Analyzer Problem: Security Code Scan - Failing dotnet/MSBuilds Breaks Results

We currently have a problem with the Security Code Scan analyzer in SAST that is a blocker to using it. It uses the vivx file (Visual Studio Code extension) to bootstrap it's scans. The problem is that there appears to be known conditions where builds fail in Security Code Scan and the scanner fails SAST without result because of it. Take this multi-project repo as a for instance in our build pipeline:

$ /analyzer run
[INFO] [security-code-scan] [2021-07-12T21:35:48Z] ▶ GitLab security-code-scan analyzer v2.20.3
[INFO] [security-code-scan] [2021-07-12T21:35:48Z] ▶ Detecting project
[INFO] [security-code-scan] [2021-07-12T21:35:48Z] ▶ Found project in 
[INFO] [security-code-scan] [2021-07-12T21:35:48Z] ▶ Running analyzer
[INFO] [security-code-scan] [2021-07-12T21:35:48Z] ▶ Found solution 
[WARN] [security-code-scan] [2021-07-12T21:35:51Z] ▶ Unable to build project using `dotnet`, attempting to build using `nuget` and `msbuild`
[FATA] [security-code-scan] [2021-07-12T21:35:58Z] ▶ Unable to build project from solution file using `nuget and `msbuild`.
output: %!s(<nil>)
error: Error exit status 1 on nuget restore:
MSBuild auto-detection: using msbuild version '15.0' from '/usr/lib/mono/msbuild/15.0/bin'.
/usr/share/dotnet/sdk/2.1.816/Sdks/Microsoft.NET.Sdk/targets/Microsoft.NET.TargetFrameworkInference.targets(137,5): error NETSDK1045: The current .NET SDK does not support targeting .NET Core 3.1.  Either target .NET Core 2.1 or lower, or use a version of the .NET SDK that supports .NET Core 3.1.
/usr/share/dotnet/sdk/2.1.816/Sdks/Microsoft.NET.Sdk/targets/Microsoft.NET.TargetFrameworkInference.targets(137,5): error NETSDK1045: The current .NET SDK does not support targeting .NET Core 3.1.  Either target .NET Core 2.1 or lower, or use a version of the .NET SDK that supports .NET Core 3.1.
/usr/share/dotnet/sdk/2.1.816/Sdks/Microsoft.NET.Sdk/targets/Microsoft.NET.TargetFrameworkInference.targets(137,5): error NETSDK1045: The current .NET SDK does not support targeting .NET Core 3.1.  Either target .NET Core 2.1 or lower, or use a version of the .NET SDK that supports .NET Core 3.1.

In Security Code Scan 5.2.1 a cli argument (--ignore-msbuild-errors) feature was added in the last version (not available in the VSC extension) that allows a bypass of failing build files. I assume this is to rectify this problem for container and native compile builds but there is no reason to think this would be added (see authors mention) in an extension.

Additional links describing this problem in detail (work-arounds don't work):

• https://github.com/security-code-scan/security-code-scan/issues/201
• #300368 (closed)

What'd I expect to receive is something like:

JSON result for successful projects

Unable to build project from solution file using `nuget and `msbuild`.
- Project 1
- Project 2
- Project 3

We have a Gitlab Ultimate on-prem instance and I can reproduce this if someone from Gitlab wants to view it.