Your employer has a large team of software developers with constantly changing codebases for dozens of internal applications. As a part of change control any code changes go through an automated vulnerability scanning process which checks for known vulnerabilities in frameworks, programming languages, dependencies and the code itself. Due to business pressure these scans have been largely ignored and there are currently over a thousand issues found by the automated scanning. You are tasked with working with the developers and remedying 100% of the issues. What should you do next?