Integrating with code scanning
You can integrate CodeQL code scanning with your existing CI systems or upload results from other tools.
About integration with code scanning
You can perform code scanning externally and then display the results in GitHub.
Running code scanning in your CI system
If you use a third-party continuous integration system, you can integrate CodeQL code scanning into this system using the CodeQL runner.
Configuring code scanning in your CI system
You can configure how the CodeQL runner scans the code in your project and uploads the results to GitHub.
Troubleshooting code scanning in your CI system
If you're having problems with the CodeQL runner, you can troubleshoot by using these tips.
Uploading a SARIF file to GitHub
You can upload SARIF files generated outside GitHub and see code scanning alerts from third-party tools in your repository.
SARIF support for code scanning
To display results from a third-party static analysis tool in your repository on GitHub, you'll need your results stored in a SARIF file that supports a specific subset of the SARIF 2.1.0 JSON schema for code scanning. If you use the default CodeQL static analysis engine, then your results will display in your repository on GitHub automatically.