Managing results from code scanning
You can view, triage, understand, and resolve vulnerabilities and errors that code scanning finds.
Managing alerts from code scanning
You can view, fix, and close alerts for potential vulnerabilities or errors in your project's code.
Uploading a SARIF file to GitHub
You can upload SARIF files from third-party static analysis tools to GitHub and see code scanning alerts from those tools in your repository.
SARIF support for code scanning
To display results from a third-party static analysis tool in your repository on GitHub, you'll need your results stored in a SARIF file that supports a specific subset of the SARIF 2.1.0 JSON schema for code scanning. If you use the default CodeQL static analysis engine, then your results will display in your repository on GitHub automatically.