
Update docs for the code scanning API (#17653)

* Add custom media type info and update subsection cross-refs

* Update the permissions for GH Apps page

* Add temporary JSON files

Replace these with the autogenerated ones from
github/github, when the associated PR over there
is merged.

* Change json+sarif to sarif+json

* Condition media types section

This new section will only become accurate in
GHES 3.1

* Add temporary copies of decorated & dereferenced files

* Add new endpoints to the permissions page

/rest/reference/permissions-required-for-github-apps

* Update temp JSON files

* Update JSON files

* Add github-ae: '*'

* Add github-ae: '*'

* Add github-ae: '*'

* Update content/rest/reference/code-scanning.md

* Update JSON files

* Update content/github/finding-security-vulnerabilities-and-errors-in-your-code/sarif-support-for-code-scanning.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* Update content/github/finding-security-vulnerabilities-and-errors-in-your-code/uploading-a-sarif-file-to-github.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* Update content/rest/reference/code-scanning.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* Update content/rest/reference/code-scanning.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* Update content/rest/reference/permissions-required-for-github-apps.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* Make review comment changes

* Remove development mode JSON files

* Update OpenAPI Descriptions (#17857)

* Update OpenAPI Descriptions

* Add decorated OpenAPI schema files

* Remove development mode JSON files

* Update OpenAPI JSON files (#17869)

* Update OpenAPI Descriptions

* Add decorated OpenAPI schema files

Co-authored-by: github-openapi-bot <security+github-openapi-bot@github.com>

* Remove development mode JSON files

* Update OpenAPI Descriptions (#17863)

* Update OpenAPI Descriptions

* Add decorated OpenAPI schema files

* Update content/rest/reference/permissions-required-for-github-apps.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* Update content/rest/reference/permissions-required-for-github-apps.md

* Update content/rest/reference/permissions-required-for-github-apps.md

* Update content/rest/reference/permissions-required-for-github-apps.md

* Update content/rest/reference/permissions-required-for-github-apps.md

* Update content/rest/reference/code-scanning.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Co-authored-by: github-openapi-bot <69533958+github-openapi-bot@users.noreply.github.com>
Co-authored-by: github-openapi-bot <security+github-openapi-bot@github.com>
hubwriter
2021-02-16 22:07:48 +00:00
committed by GitHub
parent 6ce85ac200
commit c9b4766254
20 changed files with 8141 additions and 4241 deletions


@@ -32,7 +32,7 @@ Each time the results of a new code scan are uploaded, the results are processed
SARIF files created by the {% data variables.product.prodname_codeql_workflow %} or using the {% data variables.product.prodname_codeql_runner %} include fingerprint data. If you upload a SARIF file using the `upload-sarif` action and this data is missing, {% data variables.product.prodname_dotcom %} attempts to populate the `partialFingerprints` field from the source files. For more information about uploading results, see "[Uploading a SARIF file to {% data variables.product.prodname_dotcom %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions)."
If you upload a SARIF file without fingerprint data using the `/code-scanning/sarifs` API endpoint, the {% data variables.product.prodname_code_scanning %} alerts will be processed and displayed, but users may see duplicate alerts. To avoid seeing duplicate alerts, you should calculate fingerprint data and populate the `partialFingerprints` property before you upload the SARIF file. You may find the script that the `upload-sarif` action uses a helpful starting point: https://github.com/github/codeql-action/blob/main/src/fingerprints.ts. For more information about the API, see "[Upload a SARIF file](/rest/reference/code-scanning#upload-a-sarif-file)."
If you upload a SARIF file without fingerprint data using the `/code-scanning/sarifs` API endpoint, the {% data variables.product.prodname_code_scanning %} alerts will be processed and displayed, but users may see duplicate alerts. To avoid seeing duplicate alerts, you should calculate fingerprint data and populate the `partialFingerprints` property before you upload the SARIF file. You may find the script that the `upload-sarif` action uses a helpful starting point: https://github.com/github/codeql-action/blob/main/src/fingerprints.ts. For more information about the API, see "[Upload an analysis as SARIF data](/rest/reference/code-scanning#upload-an-analysis-as-sarif-data)."
### Validating your SARIF file
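Review bot: the anchor rename from `#upload-a-sarif-file` to `#upload-an-analysis-as-sarif-data` in the last sentence of this paragraph breaks any other page or external bookmark that still links the old fragment; before merging, grep the content tree for `#upload-a-sarif-file` and confirm that the REST reference heading generated from the updated OpenAPI JSON actually renders with the new slug, otherwise the link resolves to nothing. Keeping the endpoint path `/code-scanning/sarifs` in the same sentence is right, since that string is what a reader searches for regardless of how the heading is worded.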


@@ -25,7 +25,7 @@ You can upload the results using {% data variables.product.prodname_actions %}{%
- {% data variables.product.prodname_actions %} to run the {% data variables.product.prodname_codeql %} action, there is no further action required. The {% data variables.product.prodname_codeql %} action uploads the SARIF file automatically when it completes analysis.
- {% data variables.product.prodname_actions %} to run a SARIF-compatible analysis tool, you could update the workflow to include a final step that uploads the results (see below).
- The {% data variables.product.prodname_codeql_runner %}, to run {% data variables.product.prodname_code_scanning %} in your CI system, by default the runner automatically uploads results to {% data variables.product.prodname_dotcom %} on completion. If you block the automatic upload, when you are ready to upload results you can use the `upload` command (for more information, see "[Running {% data variables.product.prodname_code_scanning %} in your CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system)").
- A tool that generates results as an artifact outside of your repository, you can use the {% data variables.product.prodname_code_scanning %} API to upload the file (for more information, see "[Upload a SARIF file](/rest/reference/code-scanning#upload-a-sarif-file)").
- A tool that generates results as an artifact outside of your repository, you can use the {% data variables.product.prodname_code_scanning %} API to upload the file (for more information, see "[Upload an analysis as SARIF data](/rest/reference/code-scanning#upload-an-analysis-as-sarif-data)").
{% data reusables.code-scanning.not-available %}
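Review bot: the literal link target `/rest/reference/code-scanning#upload-an-analysis-as-sarif-data` in this bullet is now hand-copied into every page that references the endpoint in this commit; since the slug is derived from an auto-generated OpenAPI operation summary that can be renamed again, route it through one reusable or data variable (the page already uses `{% data variables.product.* %}` for product names) so the next rename is a single edit rather than a grep across files.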
@@ -115,4 +115,4 @@ jobs:
- "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions)"
- "[Viewing your workflow history](/actions/managing-workflow-runs/viewing-workflow-run-history)"
- "[Running {% data variables.product.prodname_code_scanning %} in your CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system)"
- "[Upload a SARIF file](/rest/reference/code-scanning#upload-a-sarif-file)"
- "[Upload an analysis as SARIF data](/rest/reference/code-scanning#upload-an-analysis-as-sarif-data)"
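Review bot: the renamed entry in this Further reading list now matches the REST reference heading, but nothing here tells the reader that uploads through that endpoint should carry `partialFingerprints` to avoid duplicate alerts, a caveat this same commit states on the SARIF support page; one short clause after the link, such as `(populate fingerprint data first to avoid duplicate alerts)`, would save readers a round trip.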