About integration with code scanning

You can perform 代码扫描 externally and then display the results in GitHub, or set up webhooks that listen to 代码扫描 activity in your repository.

代码扫描 适用于启用了 GitHub Advanced Security 的组织拥有的仓库。 更多信息请参阅“关于 GitHub Advanced Security”。

注:站点管理员必须为 your GitHub Enterprise Server instance 启用 代码扫描,然后您才可使用此功能。 更多信息请参阅“为设备配置 代码扫描”。

As an alternative to running 代码扫描 within GitHub, you can perform analysis elsewhere and then upload the results. Alerts for 代码扫描 that you run externally are displayed in the same way as those for 代码扫描 that you run within GitHub. For more information, see "Managing 代码扫描 alerts for your repository."

If you use a third-party static analysis tool that can produce results as Static Analysis Results Interchange Format (SARIF) 2.1.0 data, you can upload this to GitHub. For more information, see "Uploading a SARIF file to GitHub."

Integrations with webhooks

You can use 代码扫描 webhooks to build or set up integrations, such as GitHub 应用程序 or OAuth 应用程序, that subscribe to 代码扫描 events in your repository. For example, you could build an integration that creates an issue on GitHub Enterprise Server or sends you a Slack notification when a new 代码扫描 alert is added in your repository. For more information, see "Creating webhooks" and "Webhook events and payloads."

Further reading

此文档对您有帮助吗?

隐私政策

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或者, 了解如何参与。