SAST scanner only finds unknown severity

Hi I’m new to gitlab…

I am running CI/CD on a java webapp (spring, jsf) that is built using apache ant in docker. The build works great!.

The issue that I’m having is when I run the sast scanner all of the severities are unknown. Is this normal? This doesn’t seem right to me.

At this point I’m pretty lost. This is a legacy webapp that is being refactored… I know for sure there are security issues with it.

If any could help I would appreciate it!