DBSS CLR Security alarms fire for user defined assemblies
Redundant CLR security alarms fire for system CLR assemblies
The collection retrieves data for both system and user defined assemblies.
STATUS: Defect ID FOG-7316 has been logged to filter the collection to only retrieve user defined CLR assemblies. This is planned for a future release of the SQL Server cartridge.
According to Microsoft, this might explain why it is firing for SQL Server: "CLR uses Code Access Security (CAS) in the .NET Framework, which is no longer supported as a security boundary.
A CLR assembly created with PERMISSION_SET = SAFE may be able to access external system resources, call unmanaged code, and acquire sysadmin privileges.
Beginning with SQL Server 2017 (14.x), an sp_configure option called CLR strict security is introduced to enhance the security of CLR assemblies. CLR strict security is enabled by default, and treats SAFE and EXTERNAL_ACCESS assemblies as if they were marked UNSAFE. The CLR strict security option can be disabled for backward compatibility, but this is not recommended."
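To triage one of these alarms by hand, the query below reports the CLR settings in effect and lists only the user defined assemblies in the current database, with the permission set each was created with and how it is treated under CLR strict security. It is an added example, not the Foglight collection query or the fix planned under FOG-7316; it assumes SQL Server 2017 or later and uses the standard catalog views sys.configurations and sys.assemblies.

```sql
-- Added example: manual triage for the CLR security alarm (SQL Server 2017+).
-- Run in each database of interest; sys.assemblies is scoped to the current database.

-- 1. Server-wide CLR settings currently in effect.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name IN (N'clr enabled', N'clr strict security');

-- 2. User defined assemblies only, with declared and effective permission set.
DECLARE @strict int =
    (SELECT CAST(value_in_use AS int)
     FROM sys.configurations
     WHERE name = N'clr strict security');

SELECT
    DB_NAME()              AS database_name,
    a.name                 AS assembly_name,
    a.permission_set_desc  AS declared_permission_set,
    CASE
        -- With strict security on, SAFE and EXTERNAL_ACCESS are treated as UNSAFE.
        WHEN @strict = 1 THEN N'UNSAFE_ACCESS'
        ELSE a.permission_set_desc
    END                    AS treated_as,
    a.create_date,
    a.modify_date
FROM sys.assemblies AS a
WHERE a.is_user_defined = 1   -- excludes system assemblies such as Microsoft.SqlServer.Types
ORDER BY a.name;
```

An empty result from the second query means the database contains only system assemblies, which is the redundant alarm case described above.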