To display results from a third-party static analysis tool in your repository on GitHub, you'll need your results stored in a SARIF file that supports a specific subset of the SARIF 2.1.0 JSON schema for code scanning. If you use the default CodeQL static analysis engine, then your results will display in your repository on GitHub automatically.| GitHub Docs
You can use CodeQL to identify vulnerabilities and errors in your code. The results are shown as code scanning alerts in GitHub.
Learn about the different types of code scanning alerts and the information that helps you understand the problem each alert highlights.
You can customize how your advanced setup scans the code in your project for vulnerabilities and errors.
Understand how CodeQL analyzes compiled languages and the build options available, and learn how you can customize the database generation process if you need to.
Manage access to your code. Find and fix vulnerable code and dependencies automatically.
Quickly set up code scanning to find and fix vulnerable code automatically.