Integrating with code scanning

You can integrate third-party code analysis tools with GitHub code scanning by uploading data as SARIF files.

Code scanning is available as part of GitHub Advanced Security, which is free during the beta release. Weitere Informationen findest Du unter „Informationen zu GitHub Advanced Security“.

  • About integration with code scanning

    You can perform code scanning externally and then display the results in GitHub, or set up webhooks that listen to code scanning activity in your repository.

  • Uploading a SARIF file to GitHub

    Du kannst SARIF-Dateien von statischen Analysewerkzeugen von Drittanbietern in GitHub hochladen und code scanning-Warnungen von diesen Werkzeugen in Deinem Repository sehen.

  • SARIF support for code scanning

    To display results from a third-party static analysis tool in your repository on GitHub, you'll need your results stored in a SARIF file that supports a specific subset of the SARIF 2.1.0 JSON schema for code scanning. If you use the default CodeQL static analysis engine, then your results will display in your repository on GitHub automatically.

Did this doc help you?Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Oder, learn how to contribute.