Email notification for security reports

Description

Having security reports for your applications is great, and running pipelines regularly on the code to spot new possible problems is really helpful. You probably don't want to check the security status of your code every hour, but alerts can show up unexpected.

Proposal

Set up notification emails when a pipeline spots a new security alert. It is important to define what "new" means, and also a way to suppress false positives and avoid being flooded by email notifications. We can improve the existing "email on pipeline failure" feature to adapt to this scenario as well.