On using the frogbot-scan-pull-request.yml it comments the vulnerabilities and license violations in the PR, but they (both) are not shown in the Code Scanning Alerts View. Is there something that I am missing in the configs on yml or Github's settings for this?