Ensure SAST is fulfilling requirements for GitLab internal use
Problem to solve
We already use SAST in pipelines that build GitLab. Results can be accessed in merge requests, pipelines, and in the security dashboard.
Are these results valuable? Is our internal Security Team at GitLab using this information to check for possible vulnerabilities and prevent them from landing in a release?
The goal of this issue is to start an internal discussion and check how we can improve SAST in our product to better support our needs (and so, the needs of many other companies).