What are failure criteria?
Code scanning failure criteria are a GitHub Advanced Security feature that lets you define the conditions under which a pull request can be merged when new code scanning alerts are found. You can use failure criteria to prevent pull requests from being merged if they introduce new security vulnerabilities or increase the severity of existing vulnerabilities.
How do I enable failure criteria?
To enable failure criteria, a repository admin navigates to the following tab in the repository:
Settings -> Code security and analysis
From there, enable failure criteria by opening the dropdown in the “Pull request check failure” section and selecting “High or higher” under the “Security” heading of that dropdown:
Your configuration should look like the following:
Note: To remain compliant with VA policy, you must enable failure criteria at the “High or higher” level.
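To see what the “High or higher” setting actually blocks, the following script applies that threshold to the alert records GitHub's REST API returns for a pull request and reports which open alerts would fail the check. This is an added example, not part of the original page or of GitHub's own tooling. It assumes the alert objects have the shape returned by GET /repos/{owner}/{repo}/code-scanning/alerts (the “Security” threshold is compared against rule.security_severity_level; alerts from non-security rules carry no such field and are not counted by this criterion), and the sample alerts embedded below are constructed for illustration. It audits the alerts present on the PR ref against the threshold; it does not compute which of them are new relative to the base branch.

```python
"""Audit which open code scanning alerts on a pull request meet a
"High or higher" failure criterion.

Added example; not the page's or GitHub's own code. Assumes the alert
JSON shape of GET /repos/{owner}/{repo}/code-scanning/alerts. The sample
data at the bottom is constructed.
"""
import json

# GitHub's security severity levels, ordered lowest to highest.
SECURITY_SEVERITY_ORDER = ["low", "medium", "high", "critical"]


def meets_threshold(level, threshold="high"):
    """True when a security severity level is at or above the threshold.

    Alerts without rule.security_severity_level (non-security rules such as
    style or correctness queries) never match the "Security" criterion, so
    None returns False. Unknown strings are also treated as not matching.
    """
    if level is None:
        return False
    level = level.lower()
    if level not in SECURITY_SEVERITY_ORDER:
        return False
    return (SECURITY_SEVERITY_ORDER.index(level)
            >= SECURITY_SEVERITY_ORDER.index(threshold.lower()))


def blocking_alerts(alerts, threshold="high"):
    """Return the open alerts whose security severity meets the threshold.

    These are the alerts that a "High or higher" (or stricter) failure
    criterion would count against the pull request check.
    """
    blocking = []
    for alert in alerts:
        if alert.get("state") != "open":
            continue  # fixed/dismissed alerts do not fail the check
        level = alert.get("rule", {}).get("security_severity_level")
        if meets_threshold(level, threshold):
            blocking.append(alert)
    return blocking


def summarize(alerts, threshold="high"):
    """Return (would_fail, [blocking alert numbers]) for a PR's alert list."""
    blocking = blocking_alerts(alerts, threshold)
    return (len(blocking) > 0, [a["number"] for a in blocking])


# Constructed sample, shaped like a trimmed API response for a PR ref.
# It deliberately mixes open and fixed alerts, security and non-security
# rules, and several severity levels.
SAMPLE_ALERTS = json.loads("""[
  {"number": 101, "state": "open",
   "rule": {"id": "js/sql-injection", "severity": "error",
            "security_severity_level": "high"}},
  {"number": 102, "state": "open",
   "rule": {"id": "js/unused-local-variable", "severity": "note"}},
  {"number": 103, "state": "open",
   "rule": {"id": "js/path-injection", "severity": "error",
            "security_severity_level": "medium"}},
  {"number": 104, "state": "fixed",
   "rule": {"id": "js/code-injection", "severity": "error",
            "security_severity_level": "critical"}}
]""")

if __name__ == "__main__":
    would_fail, numbers = summarize(SAMPLE_ALERTS)
    print("check would fail:", would_fail, "blocking alerts:", numbers)
```

Real input for a pull request can be fetched with `gh api 'repos/OWNER/REPO/code-scanning/alerts?ref=refs/pull/N/merge&state=open'` and passed to `blocking_alerts` as the parsed JSON list. Only alert 101 trips the threshold in the sample: 102 has no security severity, 103 is only medium, and 104, although critical, is already fixed.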