Skip to main content

此版本的 GitHub Enterprise 将停止服务 2022-09-28. 即使针对重大安全问题,也不会发布补丁。 为了获得更好的性能、更高的安全性和新功能,请升级到最新版本的 GitHub Enterprise。 如需升级帮助,请联系 GitHub Enterprise 支持

About integration with code scanning

You can perform code scanning externally and then display the results in GitHub, or set up webhooks that listen to code scanning activity in your repository.

Code scanning is available for organization-owned repositories in GitHub Enterprise Server. This feature requires a license for GitHub Advanced Security. 有关详细信息,请参阅“关于 GitHub Advanced Security”。

注意:站点管理员必须为 your GitHub Enterprise Server instance 启用 code scanning,你才能使用这些功能。 有关详细信息,请参阅“为设备配置 code scanning”。

As an alternative to running code scanning within GitHub, you can perform analysis elsewhere and then upload the results. Alerts for code scanning that you run externally are displayed in the same way as those for code scanning that you run within GitHub. For more information, see "Managing code scanning alerts for your repository."

If you use a third-party static analysis tool that can produce results as Static Analysis Results Interchange Format (SARIF) 2.1.0 data, you can upload this to GitHub. For more information, see "Uploading a SARIF file to GitHub."

Integrations with webhooks

You can use code scanning webhooks to build or set up integrations, such as GitHub Apps or OAuth Apps, that subscribe to code scanning events in your repository. For example, you could build an integration that creates an issue on GitHub Enterprise Server or sends you a Slack notification when a new code scanning alert is added in your repository. For more information, see "Creating webhooks" and "Webhook events and payloads."

Further reading