Skip to main content

此版本的 GitHub Enterprise 将停止服务 2022-09-28. 即使针对重大安全问题,也不会发布补丁。 为了获得更好的性能、更高的安全性和新功能,请升级到最新版本的 GitHub Enterprise。 如需升级帮助,请联系 GitHub Enterprise 支持


您可以通过将数据上传为 SARIF 文件来集成第三方代码分析工具与 GitHub code scanning。

Code scanning is available for organization-owned repositories in GitHub Enterprise Server. This feature requires a license for GitHub Advanced Security. 有关详细信息,请参阅“关于 GitHub Advanced Security”。

  • About integration with code scanning

    You can perform code scanning externally and then display the results in GitHub, or set up webhooks that listen to code scanning activity in your repository.

  • 将 SARIF 文件上传到 GitHub

    您可以将 SARIF 文件从第三方静态分析工具上传到 GitHub,并且在仓库中看到 code scanning 来自这些工具的警报。

  • SARIF support for code scanning

    To display results from a third-party static analysis tool in your repository on GitHub, you'll need your results stored in a SARIF file that supports a specific subset of the SARIF 2.1.0 JSON schema for code scanning. If you use the default CodeQL static analysis engine, then your results will display in your repository on GitHub automatically.