Integrate with existing tools

Integrate code scanning with your existing tools and workflows by running scans in your CI system or uploading results to GitHub using Static Analysis Results Interchange Format (SARIF).

Using code scanning with your existing CI system

You can analyze your code with the CodeQL CLI or another tool in a third-party continuous integration system and upload the results to GitHub. The resulting code scanning alerts are shown alongside any alerts generated within GitHub.

Uploading a SARIF file to GitHub

GitHub 외부에서 생성된 SARIF 파일을 업로드하고 리포지토리의 타사 도구에서 code scanning 경고를 볼 수 있습니다.