As an alternative to running code scanning within GitHub, you can perform analysis elsewhere and then upload the results. Alerts for code scanning that you run externally are displayed in the same way as those for code scanning that you run within GitHub. For more information, see "Managing code scanning alerts for your repository."
If you use a third-party static analysis tool that can produce results as Static Analysis Results Interchange Format (SARIF) 2.1.0 data, you can upload this to GitHub. For more information, see "Uploading a SARIF file to GitHub."
Si ejecuta el análisis de código mediante varias configuraciones, en ocasiones una alerta tendrá varios orígenes de análisis. Si una alerta tiene varios orígenes de análisis, puede ver el estado de la alerta para cada origen de análisis en la página de alertas. Para más información, vea "Acerca de los orígenes de análisis".
Integrations with webhooks
You can use code scanning webhooks to build or set up integrations, such as GitHub Apps or OAuth Apps, that subscribe to code scanning events in your repository. For example, you could build an integration that creates an issue on GitHub Enterprise Cloud or sends you a Slack notification when a new code scanning alert is added in your repository. For more information, see "Creating webhooks" and "Webhook events and payloads."