About CodeQL code scanning in your CI system

You can analyze your code with CodeQL in a third-party continuous integration system and upload the results to your GitHub Enterprise Server instance. The resulting code scanning alerts are shown alongside any alerts generated within GitHub Enterprise Server.

Code scanning is available if you have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

Note: Your site administrator must enable code scanning for your GitHub Enterprise Server instance before you can use this feature. For more information, see "Configuring code scanning for your appliance."

About CodeQL code scanning in your CI system

Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub Enterprise Server. For more information, see "About code scanning."

You can run CodeQL code scanning within GitHub Enterprise Server using actions. Alternatively, if you use a third-party continuous integration or continuous delivery/deployment (CI/CD) system, you can run CodeQL analysis in your existing system and upload the results to your GitHub Enterprise Server instance.

Note: Uploading SARIF data to display as code scanning results in GitHub Enterprise Server is supported for organization-owned repositories with GitHub Advanced Security enabled. For more information, see "Managing security and analysis settings for your repository."

You add the CodeQL runner to your third-party system, then call the tool to analyze code and upload the SARIF results to GitHub Enterprise Server. The resulting code scanning alerts are shown alongside any alerts generated within GitHub Enterprise Server.

To set up code scanning in your CI system, see "Running CodeQL runner in your CI system."
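
As an added illustration (not from the GitHub documentation and not the CodeQL runner's own code), the sketch below shows a pre-upload check a CI job could run on a SARIF file, then packs it the way the code scanning REST API's SARIF upload expects: gzip, then Base64, sent with `commit_sha` and `ref`. The sample document, function names and values are constructed for the example.

```python
import base64
import gzip
import json
import re

# Constructed SARIF 2.1.0 document standing in for an analysis result.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL"}},
        "results": [{
            "ruleId": "example/placeholder-rule",
            "message": {"text": "Constructed finding"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "src/app.py"},
                "region": {"startLine": 12}}}],
        }],
    }],
}


def check_sarif(doc):
    """Return a list of problems found before upload (empty list = OK)."""
    problems = []
    if doc.get("version") != "2.1.0":
        problems.append("unsupported SARIF version: %r" % doc.get("version"))
    runs = doc.get("runs") or []
    if not runs:
        problems.append("SARIF document contains no runs")
    for i, run in enumerate(runs):
        if not run.get("tool", {}).get("driver", {}).get("name"):
            problems.append("run %d is missing tool.driver.name" % i)
    return problems


def build_upload_body(doc, commit_sha, ref):
    """Build the JSON body for the SARIF upload; raise ValueError on bad input."""
    problems = check_sarif(doc)
    if not re.fullmatch(r"[0-9a-fA-F]{40}", commit_sha):
        problems.append("commit_sha must be a full 40-character SHA")
    if not ref.startswith("refs/"):
        problems.append("ref must be fully qualified, e.g. refs/heads/main")
    if problems:
        raise ValueError("; ".join(problems))
    packed = gzip.compress(json.dumps(doc).encode("utf-8"))
    return {"commit_sha": commit_sha, "ref": ref,
            "sarif": base64.b64encode(packed).decode("ascii")}
```

Failing the job on a `ValueError` here keeps a malformed or mislabeled result from being attached to the wrong commit or branch.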
