与代码扫描集成

您可以通过将数据上传为 SARIF 文件来集成第三方代码分析工具与 GitHub 代码扫描。

代码扫描可用于所有公共存储库。代码扫描也可用于使用 GitHub Enterprise Cloud 并有 GitHub Advanced Security 许可证的组织拥有的私有存储库。更多信息请参阅“关于 GitHub Advanced Security”。

About integration with code scanning

You can perform 代码扫描 externally and then display the results in GitHub, or set up webhooks that listen to 代码扫描 activity in your repository.

Uploading a SARIF file to GitHub

您可以将 SARIF 文件从第三方静态分析工具上传到 GitHub，并且在仓库中看到代码扫描来自这些工具的警报。

SARIF support for code scanning

To display results from a third-party static analysis tool in your repository on GitHub, you'll need your results stored in a SARIF file that supports a specific subset of the SARIF 2.1.0 JSON schema for 代码扫描. If you use the default CodeQL static analysis engine, then your results will display in your repository on GitHub automatically.