Improvement

July 6, 2020 · 1 minute read

Using open source static analysis tools with code scanning

Code scanning users can now scan their code for vulnerabilities using the GitHub Open Source Static Analysis Runner (OSSAR) action.

At GitHub Satellite, we announced code scanning, part of GitHub Advanced Security. Along with showing results from CodeQL, GitHub's code analysis engine, code scanning can display findings from any static analysis tool. The OSSAR action wraps several popular open source tools to integrate them with code scanning.
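A minimal GitHub Actions workflow that runs the OSSAR action and hands its results to code scanning, added here as an illustration rather than taken from the changelog post. It assumes the `github/ossar-action` action exposes its SARIF report through a `sarifFile` output and that the `upload-sarif` action from `github/codeql-action` is used to publish it; check both against the OSSAR action's README before relying on the exact names or version tags.

```yaml
# .github/workflows/ossar.yml (example, not from the changelog post)
name: OSSAR

# Scan on every push to the default branch and on pull requests against it,
# so findings appear in the code scanning tab and on the PR itself.
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  ossar-scan:
    # The action bundles several open source analyzers; the runner OS it
    # supports is documented in the action's README (assumed here).
    runs-on: ubuntu-latest

    # Least privilege: the job only needs to read the repo and write
    # security events (SARIF uploads). Everything else is denied.
    permissions:
      contents: read
      security-events: write

    steps:
      - name: Check out the code to analyze
        uses: actions/checkout@v2

      - name: Run the open source analyzers wrapped by OSSAR
        id: ossar
        uses: github/ossar-action@v1

      - name: Upload the SARIF report so code scanning can display the findings
        uses: github/codeql-action/upload-sarif@v1
        with:
          # 'sarifFile' is assumed to be the output name exposed by the action.
          sarif_file: ${{ steps.ossar.outputs.sarifFile }}
```

Because code scanning ingests SARIF, the same `upload-sarif` step works for any other static analysis tool that emits SARIF, which is how the "any static analysis tool" integration described above is achieved in practice.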

If you are not yet part of the code scanning beta, you can request access here.


Using open source static analysis tools with code scanning - GitHub Changelog