To display results from a third-party static analysis tool in your repository on GitHub, you'll need your results stored in a SARIF file that conforms to the specific subset of the SARIF 2.1.0 JSON schema that code scanning supports. If you use the default CodeQL static analysis engine, then your results will display in your repository on GitHub automatically.| GitHub Docs
Use the REST API to retrieve and update code scanning alerts from a repository.| GitHub Docs
You can analyze your code with the CodeQL CLI or another tool in a third-party continuous integration system and upload the results to GitHub. The resulting code scanning alerts are shown alongside any alerts generated within GitHub.| GitHub Docs
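The three summaries above (the SARIF subset code scanning accepts, the code scanning alerts REST API, and uploading third-party results) fit together in one short workflow. The script below is an added example, not code from GitHub Docs: it builds a minimal SARIF 2.1.0 document from a constructed finding, checks the fields code scanning needs before it will accept an upload (version, a named tool driver, and a ruleId, message text and location on every result), gzip+base64-encodes it as the upload endpoint requires, and assembles the request bodies for `POST /repos/{owner}/{repo}/code-scanning/sarifs` and for dismissing an alert via `PATCH .../code-scanning/alerts/{alert_number}`. The owner, repository, commit SHA, ref, tool name and the finding itself are placeholders; nothing is sent over the network, so the caller still has to submit the returned request with a token that has `security_events` write permission.

```python
import base64
import gzip
import json

# Constructed sample finding (not real scanner output).
SAMPLE_FINDINGS = [
    {"rule_id": "hardcoded-credential", "level": "error",
     "message": "Possible hard-coded credential",
     "path": "src/config.py", "line": 12},
]


def build_sarif(tool_name, tool_version, findings):
    """Produce the minimal SARIF 2.1.0 document code scanning needs:
    one run, a tool driver with a name, and one result per finding
    that carries a ruleId, a message and a physical location."""
    rules, results = {}, []
    for f in findings:
        rules.setdefault(f["rule_id"], {
            "id": f["rule_id"], "shortDescription": {"text": f["message"]}})
        results.append({
            "ruleId": f["rule_id"],
            "level": f["level"],
            "message": {"text": f["message"]},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": f["path"]},   # repo-relative path
                "region": {"startLine": f["line"]}}}],
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "version": tool_version,
                                "rules": list(rules.values())}},
            "results": results,
        }],
    }


def validate_sarif(doc):
    """Return a list of problems; an empty list means the document carries
    the fields GitHub requires. A tool-only run with zero results is valid."""
    problems = []
    if doc.get("version") != "2.1.0":
        problems.append("version must be 2.1.0")
    runs = doc.get("runs") or []
    if not runs:
        problems.append("at least one run is required")
    for i, run in enumerate(runs):
        if not run.get("tool", {}).get("driver", {}).get("name"):
            problems.append(f"runs[{i}].tool.driver.name is missing")
        for j, r in enumerate(run.get("results", [])):
            if not r.get("ruleId"):
                problems.append(f"runs[{i}].results[{j}].ruleId is missing")
            if not r.get("message", {}).get("text"):
                problems.append(f"runs[{i}].results[{j}].message.text is missing")
            if not r.get("locations"):
                problems.append(f"runs[{i}].results[{j}].locations is missing")
    return problems


def encode_sarif(doc):
    """The upload endpoint expects the 'sarif' field gzip-compressed, then base64-encoded."""
    return base64.b64encode(gzip.compress(json.dumps(doc).encode("utf-8"))).decode("ascii")


def decode_sarif(blob):
    """Inverse of encode_sarif, useful for checking a payload before sending it."""
    return json.loads(gzip.decompress(base64.b64decode(blob)))


def upload_request(owner, repo, commit_sha, ref, doc):
    """Build POST /repos/{owner}/{repo}/code-scanning/sarifs.
    'ref' must be a full ref such as refs/heads/main or refs/pull/42/merge."""
    problems = validate_sarif(doc)
    if problems:
        raise ValueError("SARIF not acceptable to code scanning: " + "; ".join(problems))
    if not ref.startswith("refs/"):
        raise ValueError("ref must be a fully qualified git ref")
    return {
        "method": "POST",
        "url": f"https://api.github.com/repos/{owner}/{repo}/code-scanning/sarifs",
        "body": {"commit_sha": commit_sha, "ref": ref, "sarif": encode_sarif(doc)},
    }


def dismiss_request(owner, repo, alert_number, reason, comment=""):
    """Build PATCH /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}
    to dismiss an alert. dismissed_reason is limited to the values the API accepts."""
    allowed = {"false positive", "won't fix", "used in tests"}
    if reason not in allowed:
        raise ValueError(f"dismissed_reason must be one of {sorted(allowed)}")
    return {
        "method": "PATCH",
        "url": f"https://api.github.com/repos/{owner}/{repo}/code-scanning/alerts/{alert_number}",
        "body": {"state": "dismissed", "dismissed_reason": reason, "dismissed_comment": comment},
    }


if __name__ == "__main__":
    # Placeholder repository and commit; replace before sending for real.
    sarif = build_sarif("example-scanner", "1.0.0", SAMPLE_FINDINGS)
    req = upload_request("octo-org", "octo-repo", "0" * 40, "refs/heads/main", sarif)
    print(json.dumps({k: v for k, v in req.items() if k != "body"}, indent=2))
```

Each upload is tied to a commit and a ref, so alerts appear on the branch or pull request that was scanned; uploading the same results against a different ref creates a separate alert set rather than updating the first one.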
Learn about the different types of code scanning alerts and the information that helps you understand the problem each alert highlights.| GitHub Docs
You can configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable code scanning configuration.| GitHub Docs