In a Code Scanning workflow, what type of results are uploaded after analysis?

Prepare for the GitHub Advanced Security Certification Test. Practice with multiple choice questions, detailed explanations, and hints. Achieve success on your first attempt!

Multiple Choice

In a Code Scanning workflow, what type of results are uploaded after analysis?

Explanation:
Code Scanning uploads results in a standardized format designed for static analysis findings. This format is SARIF (Static Analysis Results Interoperability Format), a JSON-based standard that lets different tools report their findings in a consistent structure. By uploading SARIF, the workflow enables GitHub to parse, display, and correlate issues across tools with details like rule IDs, severities, messages, and exact locations in the code. XML, CSV, or plain-text logs don't provide the same structured, interoperable schema needed for automated ingestion and a unified Code Scanning Alerts experience.
