I’m testing a GitHub Action on a repository, with a third-party static analysis tool.
The GitHub Action clones the code, runs the tool, and produces an exakat.sarif file.
The GitHub Action then uploads it to the GitHub API, thanks to the step, as explained in the docs.
The whole action works well (SARIF is produced, upload returns OK).
Now where do I see the results?
I’ve roamed the source code, in particular on lines where issues are expected, in vain.
I’m expecting to see the results of the SCA at the file:line where they are reported, along with the documentation offered in the SARIF file.
I registered on the Code Scanning waiting list, and I am now accepted.
Is there anything to add to the repository configuration?
Maybe some API to call, to check if it works or not.
Maybe the feature is still under work.
Any experience is welcome.