Github Code scanning
Integration with Github code scanning¶
Scan action can be integrated with GitHub code scanning tool.
Navigate to security settings on your repository and then to Code scanning alerts.
Register for beta access if required. Then look for scan on the marketplace integration.
A workflow integration file with the name
shiftleft-analysis.yml will be presented. Save this file or configure based on the inline help provided in the workflow file.
Any subsequent build would be automatically scanned using scan. The findings will be viewable on the Code scanning alerts tab.
Scan would automatically appear as a check for Pull Requests. No additional configuration is required!
Refer to this example for a complete workflow integrated with scan.