A developer wants to bypass a security scan to meet a release deadline. How do you handle this situation?