About integration with code scanning

You can perform escaneo de código externally and then display the results in GitHub.

Escaneo de código is available for all public repositories and for private repositories owned by organizations where GitHub Advanced Security is enabled. For more information, see "About GitHub Advanced Security."

Nota: Escaneo de código se encuentra acutalmente en beta y está sujeto a cambios. To request access to the beta, join the waitlist.

As an alternative to running escaneo de código within GitHub, you can perform analysis elsewhere and then upload the results. Alerts for escaneo de código that you run externally are displayed in the same way as those for escaneo de código that you run within GitHub. For more information, see "Managing alerts from code scanning."

You can use your continuous integration or continuous delivery/deployment (CI/CD) system to run GitHub's CodeQL analysis and upload the results to GitHub. This is an alternative to using GitHub Actions to run CodeQL analysis. For more information, see "Running code scanning in your CI system."

If you use a third-party static analysis tool that can produce results as Static Analysis Results Interchange Format (SARIF) 2.1.0 data, you can upload this to GitHub. Para obtener más información, consulta la sección "Cargar un archivo SARIF a GitHub".

Leer más

¿Te ayudó este documento?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

O, learn how to contribute.

About integration with code scanning

Leer más

¿Te ayudó este documento?

Help us make these docs great!

Still need help?