Integrating with code scanning

You can integrate third-party code analysis tools with GitHub code scanning by uploading data as SARIF files.

Code scanning is available for organization-owned repositories in GitHub Enterprise Server. This feature requires a license for GitHub Advanced Security. For more information, see "GitHub's products."

  • About integration with code scanning

    You can perform code scanning externally and then display the results in GitHub, or set up webhooks that listen to code scanning activity in your repository.

  • Uploading a SARIF file to GitHub

    You can upload SARIF files from third-party static analysis tools to GitHub and see code scanning alerts from those tools in your repository.

  • SARIF support for code scanning

    To display results from a third-party static analysis tool in your repository on GitHub, you'll need your results stored in a SARIF file that supports a specific subset of the SARIF 2.1.0 JSON schema for code scanning. If you use the default CodeQL static analysis engine, then your results will display in your repository on GitHub automatically.