To display results from a third-party static analysis tool in your repository on GitHub, you'll need your results stored in a SARIF file that supports a specific subset of the SARIF 2.1.0 JSON schema for code scanning. If you use the default CodeQL static analysis engine, then your results will display in your repository on GitHub automatically.| GitHub Docs
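The SARIF subset mentioned above is small, and getting it wrong is the usual reason third-party results never show up. The following is an added example, not GitHub's or any scanner's own code: it converts constructed findings from a hypothetical tool ("example-scanner" is a placeholder) into a SARIF 2.1.0 document containing only the fields code scanning reads, checks those fields, and prepares the gzip-plus-base64 body that the `POST /repos/{owner}/{repo}/code-scanning/sarifs` endpoint expects (the `upload-sarif` action performs the same encoding inside a workflow).

```python
"""Build a minimal SARIF 2.1.0 file that GitHub code scanning will ingest.

Added example, not GitHub's or any scanner's own code. The findings are
constructed and "example-scanner" is a placeholder tool name. Only the SARIF
subset code scanning reads is emitted: tool.driver (name, version, rules)
and results (ruleId, level, message.text, locations[].physicalLocation).
"""
import base64
import gzip
import json

SARIF_VERSION = "2.1.0"
SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"
VALID_LEVELS = {"none", "note", "warning", "error"}

# Constructed output of a hypothetical third-party scanner.
SAMPLE_FINDINGS = [
    {"rule": "SQLI-001", "file": "app/db.py", "line": 42, "level": "error",
     "summary": "SQL built from request data",
     "msg": "Query string is assembled with str.format from request parameters."},
    {"rule": "SECRET-001", "file": "config/settings.py", "line": 7, "level": "warning",
     "summary": "Possible hard-coded credential",
     "msg": "Assignment to PASSWORD uses a string literal."},
]


def build_sarif(tool_name, tool_version, findings):
    """Return one SARIF run describing `findings` (dicts in the SAMPLE_FINDINGS shape)."""
    rules = {}
    results = []
    for f in findings:
        # Declare each ruleId once under tool.driver.rules so the alert view
        # can show the rule's short description next to the result.
        rules.setdefault(f["rule"], {"id": f["rule"],
                                     "shortDescription": {"text": f["summary"]}})
        results.append({
            "ruleId": f["rule"],
            "level": f["level"],
            "message": {"text": f["msg"]},
            "locations": [{"physicalLocation": {
                # Path relative to the repository root; GitHub maps it to the
                # file and line in the commit the SARIF was uploaded for.
                "artifactLocation": {"uri": f["file"]},
                "region": {"startLine": f["line"]},
            }}],
        })
    return {
        "$schema": SARIF_SCHEMA,
        "version": SARIF_VERSION,
        "runs": [{
            "tool": {"driver": {"name": tool_name, "version": tool_version,
                                "rules": list(rules.values())}},
            "results": results,
        }],
    }


def validate_sarif(sarif):
    """Return a list of problems with the fields code scanning depends on (empty if OK)."""
    problems = []
    if sarif.get("version") != SARIF_VERSION:
        problems.append("version must be 2.1.0")
    for run in sarif.get("runs", []):
        if not run.get("tool", {}).get("driver", {}).get("name"):
            problems.append("runs[].tool.driver.name is required")
        for i, r in enumerate(run.get("results", [])):
            if not r.get("message", {}).get("text"):
                problems.append(f"results[{i}].message.text is required")
            if r.get("level", "warning") not in VALID_LEVELS:
                problems.append(f"results[{i}].level {r.get('level')!r} is not a SARIF level")
            for loc in r.get("locations", []):
                uri = loc.get("physicalLocation", {}).get("artifactLocation", {}).get("uri", "")
                if not uri or uri.startswith("/") or "://" in uri:
                    problems.append(f"results[{i}] needs a repository-relative uri, got {uri!r}")
    return problems


def upload_request_body(sarif, commit_sha, ref):
    """JSON body for POST /repos/{owner}/{repo}/code-scanning/sarifs.

    The API takes the SARIF document gzip-compressed and then base64-encoded.
    """
    raw = json.dumps(sarif, separators=(",", ":")).encode("utf-8")
    return {
        "commit_sha": commit_sha,
        "ref": ref,
        "sarif": base64.b64encode(gzip.compress(raw)).decode("ascii"),
    }


def decode_uploaded_sarif(body):
    """Reverse upload_request_body, useful for checking what was actually sent."""
    return json.loads(gzip.decompress(base64.b64decode(body["sarif"])))


if __name__ == "__main__":
    doc = build_sarif("example-scanner", "1.0.0", SAMPLE_FINDINGS)
    print("problems:", validate_sarif(doc) or "none")
    print(json.dumps(doc, indent=2))
```

Run `validate_sarif` before uploading: an absolute path or a missing `message.text` is rejected or silently mislocated by code scanning, and it is much faster to catch that locally than to wait for a failed upload in the Actions log.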
When code scanning identifies a problem in a pull request, you can review the highlighted code and resolve the alert.
From the security view, you can view, fix, or dismiss alerts for potential vulnerabilities or errors in your project's code.
Learn about the different types of code scanning alerts and the information that helps you understand the problem each alert highlights.
Dependency review lets you catch insecure dependencies before you introduce them to your environment, and provides information on license, dependents, and age of dependencies.
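Dependency review works on the difference between the base and head manifests of a pull request, and the decision it makes is simple: block newly added packages that carry an advisory above a chosen severity or a license you do not accept. The following is an added example, not GitHub's own code or the dependency-review action: the change records are constructed and are assumed to mirror the shape of the `GET /repos/{owner}/{repo}/dependency-graph/compare/{basehead}` response (`change_type`, `manifest`, `ecosystem`, `name`, `version`, `license`, `vulnerabilities[]`), and the package names and advisory IDs are placeholders.

```python
"""Gate a pull request on dependency review data.

Added example, not GitHub's own code. SAMPLE_CHANGES is constructed; its
field names are assumed to follow the dependency-graph compare API, and the
package names and GHSA IDs are placeholders, not real advisories.
"""

SEVERITY_RANK = {"low": 1, "moderate": 2, "high": 3, "critical": 4}

SAMPLE_CHANGES = [
    {"change_type": "added", "manifest": "package.json", "ecosystem": "npm",
     "name": "example-left-pad", "version": "1.0.0", "license": "MIT",
     "vulnerabilities": [{"severity": "high", "advisory_ghsa_id": "GHSA-placeholder-1",
                          "advisory_summary": "constructed: prototype pollution"}]},
    {"change_type": "added", "manifest": "requirements.txt", "ecosystem": "pip",
     "name": "example-logger", "version": "2.3.1", "license": "AGPL-3.0",
     "vulnerabilities": []},
    {"change_type": "added", "manifest": "package.json", "ecosystem": "npm",
     "name": "example-utils", "version": "0.9.0", "license": "Apache-2.0",
     "vulnerabilities": [{"severity": "moderate", "advisory_ghsa_id": "GHSA-placeholder-2",
                          "advisory_summary": "constructed: ReDoS"}]},
    # A removal can only take an advisory away, so it is never a reason to block.
    {"change_type": "removed", "manifest": "package.json", "ecosystem": "npm",
     "name": "example-old-lib", "version": "3.0.0", "license": "MIT",
     "vulnerabilities": [{"severity": "critical", "advisory_ghsa_id": "GHSA-placeholder-3",
                          "advisory_summary": "constructed: RCE"}]},
]


def review_changes(changes, fail_on_severity="high", deny_licenses=()):
    """Return (allowed, reasons) for a list of dependency changes.

    A change blocks the PR when it is an addition and either carries an advisory
    at or above `fail_on_severity`, has a license in `deny_licenses`, or has no
    license at all (unknown licenses are treated as a finding, not ignored).
    """
    threshold = SEVERITY_RANK[fail_on_severity]
    reasons = []
    for change in changes:
        if change["change_type"] != "added":
            continue
        ident = (f'{change["ecosystem"]}:{change["name"]}@{change["version"]} '
                 f'({change["manifest"]})')
        for vuln in change.get("vulnerabilities", []):
            if SEVERITY_RANK.get(vuln["severity"], 0) >= threshold:
                reasons.append(f'{ident}: {vuln["severity"]} advisory '
                               f'{vuln["advisory_ghsa_id"]}: {vuln["advisory_summary"]}')
        license_id = change.get("license")
        if not license_id:
            reasons.append(f"{ident}: license unknown")
        elif license_id in deny_licenses:
            reasons.append(f"{ident}: license {license_id} is denied")
    return (not reasons, reasons)


if __name__ == "__main__":
    allowed, reasons = review_changes(SAMPLE_CHANGES, "high", deny_licenses=("AGPL-3.0",))
    print("allowed" if allowed else "blocked")
    for reason in reasons:
        print(" -", reason)
```

The severity threshold and license denylist map directly onto the `fail-on-severity` and `deny-licenses` inputs of the dependency-review action; the point of writing the rule out is to see that only added packages are judged, and that a moderate advisory passes a `high` threshold while a denied license blocks regardless of advisories.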