The code scanning API allows users to upload data about static analysis security testing results, or export data about alerts. We are releasing updates to the API including:
- When uploading a SARIF file, the API returns additional status information, including a pointer to the analyses endpoint for that result.
- When exporting alerts, the API now includes additional metadata to assist in offline analysis, including the alert's location in the code, title, description, and full help text.
- The alerts API also supports optionally exporting alerts in the SARIF format to improve interoperability with SARIF-enabled workflows.
- A new instances API which provides information about the instances of an alert across many branches in the `GET /code-scanning/alerts/:id/instances` API.
- You can now delete the `most_recent` analysis using `DELETE /code-scanning/analyses/:id`. This will also remove any net new alerts which were introduced by that analysis.
- The `tool_name` property of `GET /code-scanning/analyses` has been deprecated. Please use the `tools` object and its respective properties going forward.
- The `instances` property of `GET /code-scanning/alerts/:id` has been deprecated. Please use the new resource `GET /code-scanning/alerts/:id/instances` going forward.
For more information, see the code scanning API reference.