Closed
Description
We are currently trying to migrate from LGTM to codeql-action due to limitations in LGTM's infrastructure.
With LGTM, we could set it to return a failing check any time new analysis alerts were introduced in a PR. This would allow us to prevent merging a PR if it introduced new alerts.
We set up the default GitHub Actions for codeql-action and it ran and found 6 alerts in our test suite, but the build did not put up a failing check that would have prevented merging.
This is our first PR that adds codeql-action, so perhaps this needs to be merged first so that future PRs have something to be compared against? We are hesitant to merge without knowing there is a way to configure the action to fail when new alerts are introduced.