Assign Severity values to Security Code Scan findings
The Security Code Scan analyzer (for .NET/C#) currently outputs all findings with a severity level of
- It's harder for security and development teams to understand which findings need to be addressed.
- Customers can't implement merge request approvals and other controls based on finding severity.
Adopt a similar approach to other analyzers where we provide a severity based on our analysis of associated CWEs, likely following the approach outlined on &4004.