English
Explore by product
Code security
English
This version of GitHub Enterprise will be discontinued on 2022-02-16. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.
Integrating with code scanning
Code scanning is available if you have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."
About integration with code scanning→
You can perform code scanning externally and then display the results in GitHub, or set up webhooks that listen to code scanning activity in your repository.
Uploading a SARIF file to GitHub→
You can upload SARIF files generated outside GitHub and see code scanning alerts from third-party tools in your repository.
SARIF support for code scanning→
To display results from a third-party static analysis tool in your repository on GitHub, you'll need your results stored in a SARIF file that supports a specific subset of the SARIF 2.1.0 JSON schema for code scanning. If you use the default CodeQL static analysis engine, then your results will display in your repository on GitHub automatically.
Help us make these docs great!
All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.
Make a contribution