fix(engine): treat severity_threshold 'none' as no threshold

When severity_threshold is set to "none" (the default in composite
actions), it was being parsed as Severity.UNKNOWN (order 0), causing
every finding to exceed the threshold and returning exit code 1.

Fix _parse_severity() to return None for "none" and handle the same
case in the CLI --severity-threshold override. This fixes the CI
failures in scanner-bandit and scanner-opengrep thin wrappers.

Author: eFAILution

argus/cli.py

@@ -540,9 +540,12 @@ def _cmd_source_scan(args: argparse.Namespace) -> int:
 
     # Override config with CLI arguments
     if args.severity_threshold:
-        config.reporting.severity_threshold = Severity.from_string(
-            args.severity_threshold
-        )
+        if args.severity_threshold == "none":
+            config.reporting.severity_threshold = None
+        else:
+            config.reporting.severity_threshold = Severity.from_string(
+                args.severity_threshold
+            )
     if args.output_dir:
         config.reporting.output_dir = args.output_dir
     if args.formats:

argus/core/config.py

@@ -124,9 +124,16 @@ def get_scanner_config(self, scanner_name: str) -> ScannerConfig:
 
 
 def _parse_severity(value: str | None) -> Optional[Severity]:
-    """Parse a severity string or return None."""
+    """Parse a severity string or return None.
+
+    "none" is treated as no threshold (returns None), not as
+    Severity.UNKNOWN — this matches the CLI semantics where
+    --severity-threshold none means "never fail on findings".
+    """
     if value is None:
         return None
+    if str(value).strip().lower() == "none":
+        return None
     return Severity.from_string(str(value))