The code scanning API allows users to upload data about static analysis security testing results, or export data about alerts. We are releasing updates to the API including:
- When uploading a SARIF file, the API returns additional status information, including a pointer to the analyses endpoint for that result.
- When exporting alerts, the API now includes additional metadata to assist in offline analysis, including the alert's location in the code, title, description, and full help text.
- The alerts API also supports optionally exporting alerts in the SARIF format to improve interoperability with SARIF-enabled workflows.
- A new instances API which provides information about the instances of an alert across many branches in the
- You can now delete the
DELETE /code-scanning/analyses/:id. This will also remove any net new alerts which were introduced by that analysis.
GET /code-scanning/analyses has been deprecated. Please use the tools object and its respective properties going forward.
GET /code-scanning/alerts/:id has been deprecated. Please use the new resource GET /code-scanning/alerts/:id/instances going forward.
For more information, see the code scanning API reference.