Using open source static analysis tools with code scanning

Code scanning users can now scan their code for vulnerabilities using the GitHub Open Source Static Analysis Runner (OSSAR) action.

At GitHub Satellite, we announced code scanning, part of GitHub Advanced Security. Along with showing results from CodeQL, GitHub's code analysis engine, code scanning can display findings from any static analysis tool. The OSSAR action wraps several popular open source tools to integrate them with code scanning.
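The following is an added example of what such an integration looks like in a workflow file; it is not code from the original changelog entry. It assumes the OSSAR action is published as `github/ossar-action@v1`, that it exposes its combined results through a `sarifFile` step output, and that the results are uploaded to code scanning with `github/codeql-action/upload-sarif@v1`; the `security-events: write` permission and the branch names are constructed for the example.

```yaml
# Constructed example: .github/workflows/ossar.yml
# Runs the open source analyzers bundled by OSSAR on every push and pull
# request, then hands the merged SARIF file to code scanning so findings
# show up alongside CodeQL alerts in the repository's Security tab.
name: OSSAR

on:
  push:
    branches: [ main ]          # assumed default branch
  pull_request:
    branches: [ main ]

jobs:
  ossar-scan:
    runs-on: windows-latest     # OSSAR is assumed here to run on a Windows runner

    permissions:
      contents: read            # least privilege: checkout only needs read
      security-events: write    # required to upload SARIF to code scanning

    steps:
      - name: Check out repository
        uses: actions/checkout@v2

      # Assumed action name; it wraps several open source static analysis
      # tools and writes one SARIF file that aggregates their results.
      - name: Run OSSAR
        id: ossar
        uses: github/ossar-action@v1

      # Any SARIF-producing tool can be surfaced in code scanning this way;
      # the step output name `sarifFile` is assumed from the action's docs.
      - name: Upload OSSAR results to code scanning
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: ${{ steps.ossar.outputs.sarifFile }}
```

The upload step is the integration point the entry describes: code scanning ingests SARIF, so the same pattern applies to any other static analysis tool that can emit that format. Restricting the job to `contents: read` plus `security-events: write` keeps the workflow token from having more rights than the scan needs.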

If you are not yet part of the code scanning beta, you can request access here.