This topic explains how to review the results of static analysis with C/C++test on GitHub.

Introduction

To display results of static analysis as GitHub code scanning alerts, you need to upload the results to GitHub in SARIF (Static Analysis Results Interchange Format). Parasoft provides a GitHub action that allows you to run C/C++test and automatically generate a SARIF report to be uploaded to GitHub. Alternatively, you can run analysis independently of GitHub and then manually upload the results.

For your convenience, we recommend running analysis and uploading results to GitHub using the GitHub action.

Uploading Results to GitHub with the GitHub Action (Recommended)

Add the Run Parasoft C/C++test action to your GitHub workflow file. The action automatically generates a SARIF report when the workflow executes. The report can then be uploaded to GitHub so that you can review the results as GitHub code scanning alerts directly in your project. See the details at https://github.com/parasoft/run-cpptest-action.

Manually Uploading Results to GitHub

If you want to run analysis outside of your GitHub workflow and manually upload the SARIF report to GitHub, you need to configure the SARIF report format and ensure that your GitHub repository is properly configured with C/C++test settings.

For details on configuring the report format, see Configuring Reporting Settings and Reporting Settings.

For details on connecting to Git, see Connecting to Source Control and Source Control Settings.
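
A pre-upload check for the manual path described above, as an added example that is not part of the Parasoft documentation: it validates the fields GitHub code scanning requires in a SARIF report and builds the gzip-compressed, base64-encoded request body for GitHub's code scanning SARIF upload endpoint. The function names and the sample report are constructed for illustration; the sample is not real C/C++test output.

```python
import base64
import gzip
import json
import re

# GitHub's documented size limit for a gzip-compressed SARIF upload.
MAX_GZIP_BYTES = 10 * 1024 * 1024

# Constructed sample report for this example (not real C/C++test output).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "sample-analyzer"}},
        "results": [{
            "ruleId": "SAMPLE-RULE-1",
            "message": {"text": "constructed finding"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "src/main.c"},
                "region": {"startLine": 12}}}],
        }],
    }],
})


def build_upload_payload(sarif_text, commit_sha, ref):
    """Validate a SARIF report and return the JSON body for
    POST /repos/{owner}/{repo}/code-scanning/sarifs."""
    report = json.loads(sarif_text)
    if not isinstance(report, dict) or report.get("version") != "2.1.0":
        raise ValueError("code scanning expects a SARIF 2.1.0 report")
    runs = report.get("runs")
    if not isinstance(runs, list) or not runs:
        raise ValueError("SARIF report has no runs")
    for run in runs:
        if not run.get("tool", {}).get("driver", {}).get("name"):
            raise ValueError("every run needs tool.driver.name")
    if not re.fullmatch(r"[0-9a-fA-F]{40}", commit_sha):
        raise ValueError("commit_sha must be the full 40-character SHA")
    if not re.fullmatch(r"refs/(heads|tags)/.+|refs/pull/\d+/(merge|head)", ref):
        raise ValueError("ref must be a full Git ref such as refs/heads/main")
    packed = gzip.compress(sarif_text.encode("utf-8"))
    if len(packed) > MAX_GZIP_BYTES:
        raise ValueError("compressed report exceeds the upload limit")
    return {"commit_sha": commit_sha, "ref": ref,
            "sarif": base64.b64encode(packed).decode("ascii")}


def count_results(sarif_text):
    return sum(len(r.get("results", [])) for r in json.loads(sarif_text)["runs"])
```

The returned dictionary is the request body; send it with a token that has permission to write code scanning results for the repository.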
