Skip to main content
ドキュメントには頻繁に更新が加えられ、その都度公開されています。本ページの翻訳はまだ未完成な部分があることをご了承ください。最新の情報については、英語のドキュメンテーションをご参照ください。本ページの翻訳に問題がある場合はこちらまでご連絡ください。

About integration with code scanning

You can perform code scanning externally and then display the results in GitHub, or set up webhooks that listen to code scanning activity in your repository.

Code scanning is available for all public repositories. Code scanning is also available in private repositories owned by organizations that use GitHub Enterprise Cloud and have a license for GitHub Advanced Security. 詳しい情報については、「GitHub Advanced Security について」を参照してください。

As an alternative to running code scanning within GitHub, you can perform analysis elsewhere and then upload the results. Alerts for code scanning that you run externally are displayed in the same way as those for code scanning that you run within GitHub. For more information, see "Managing code scanning alerts for your repository."

If you use a third-party static analysis tool that can produce results as Static Analysis Results Interchange Format (SARIF) 2.1.0 data, you can upload this to GitHub. For more information, see "Uploading a SARIF file to GitHub."

If you run code scanning using multiple configurations, then sometimes an alert will have multiple analysis origins. If an alert has multiple analysis origins, you can view the status of the alert for each analysis origin on the alert page. 詳しい情報については「分析元について」を参照してください。

Integrations with webhooks

You can use code scanning webhooks to build or set up integrations, such as GitHub Apps or OAuth App, that subscribe to code scanning events in your repository. For example, you could build an integration that creates an issue on GitHub or sends you a Slack notification when a new code scanning alert is added in your repository. For more information, see "Creating webhooks" and "Webhook events and payloads."

Further reading