That was (is?) a prototype of security scans of all branches of a repo, rather than the "default branch only" approach mentioned in
https://www.jenkins.io/blog/2020/11/04/codeql/ -- which is why the labeled repos are just plugins maintained by Mark, Oleg, Jesse or me. Since this approach doesn't scale all that well (all of the scanning on a private Jenkins security team CI instance that does not receive webhooks), I've abandoned making it official in favor of something like a GitHub Action I hope to still publish this year.
Meanwhile, you are welcome to label your plugin repo, and within a day or two, you should see security scans show up in your repo at Security -> Code scanning alerts. (The same goes everyone else reading this, go nuts and make me make progress with the GH Actions!) Since it's unofficial, it may just disappear some time after I've published the official alternative, but if you read this list, you'll learn about that and can set that up instead.
Since the findings are the same no matter how the scan is invoked, if they're unclear or otherwise unhelpful, please email me, or the jenkinsci-cert list, about them.