Show findings in GitHub code scanning
Get scanner findings as inline annotations on the PR diff
GateTest emits SARIF, the standard format GitHub code scanning ingests, so every finding appears as an inline annotation on the pull-request diff — tracked across commits and dismissible — instead of buried in CI logs.
The problem
Findings in a CI log are easy to ignore. A wall of text at the bottom of a build that nobody scrolls to isn't a review surface; it's noise. Developers act on what shows up next to the code they're reviewing.
GitHub code scanning solves this by rendering findings inline on the diff — but it needs results in SARIF, the standard interchange format.
How GateTest does it
GateTest produces SARIF as one of its reporter formats. Upload it with the standard `github/codeql-action/upload-sarif` step and GitHub renders each finding inline.
GitHub then tracks findings across commits, de-duplicates them, and lets reviewers dismiss with a reason — turning scanner output into a managed review surface.
      - uses: crclabs-hq/gatetest-action@v1
        with:
          suite: full
          sarif-file: gatetest.sarif
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: gatetest.sarif
Steps
1. Run GateTest with SARIF output enabled.
2. Upload the SARIF file via github/codeql-action/upload-sarif.
3. Findings appear under the Security tab and inline on the diff.
4. Reviewers dismiss false positives with a tracked reason.
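A pre-upload sanity check for the SARIF file, added here as an example that is not GateTest's code and makes no claim about its actual reporter output: it verifies the fields GitHub code scanning needs to render a result inline (SARIF version 2.1.0, a tool driver name, and per result a ruleId, message text and a repo-relative physical location with a start line). The sample log, its rule id, path and message are constructed for the illustration.

```python
import json

# Constructed sample: a minimal SARIF 2.1.0 log with one finding. Field names
# follow the SARIF spec; the tool name, rule id, path and message are invented.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner",
                            "rules": [{"id": "EX001"}]}},
        "results": [{
            "ruleId": "EX001",
            "level": "warning",
            "message": {"text": "Example finding"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "src/app.py"},
                "region": {"startLine": 42}}}],
        }],
    }],
}


def check_sarif(doc):
    """Return the problems that would stop code scanning from showing a result
    inline; an empty list means the log is ready for upload-sarif."""
    problems = []
    if doc.get("version") != "2.1.0":
        problems.append("version must be 2.1.0")
    runs = doc.get("runs")
    if not isinstance(runs, list) or not runs:
        return problems + ["runs must be a non-empty list"]
    for i, run in enumerate(runs):
        if not run.get("tool", {}).get("driver", {}).get("name"):
            problems.append(f"runs[{i}].tool.driver.name missing")
        for j, res in enumerate(run.get("results", [])):
            where = f"runs[{i}].results[{j}]"
            if not res.get("ruleId"):
                problems.append(f"{where}.ruleId missing")
            if not res.get("message", {}).get("text"):
                problems.append(f"{where}.message.text missing")
            locs = res.get("locations") or []
            if not locs:
                problems.append(f"{where} has no location, so it cannot annotate the diff")
            for loc in locs:
                phys = loc.get("physicalLocation", {})
                art = phys.get("artifactLocation", {})
                uri = art.get("uri", "")
                # An absolute path or URL will not map onto the checked-out repo
                # unless a uriBaseId resolves it; flag those cases.
                if not uri or (not art.get("uriBaseId") and (uri.startswith("/") or "://" in uri)):
                    problems.append(f"{where} uri must be a repo-relative path")
                if not phys.get("region", {}).get("startLine"):
                    problems.append(f"{where} region.startLine missing")
    return problems


def check_sarif_file(path):
    """Load a SARIF file from disk and run the same checks on it."""
    with open(path, encoding="utf-8") as f:
        return check_sarif(json.load(f))
```

Run `check_sarif_file("gatetest.sarif")` in the job before the upload step; a non-empty list explains why a finding would be dropped or fail to annotate.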
Frequently asked questions
Do I need GitHub Advanced Security for this?
Code scanning via SARIF upload is available on public repositories for free and on private repositories with GitHub Advanced Security. GateTest produces the SARIF; GitHub's availability rules apply to where it's displayed.
What format does GateTest export?
GateTest emits five reporter formats — Console, JSON, HTML, SARIF, and JUnit. SARIF is the one GitHub code scanning ingests for inline annotations.
Put this gate on your repo
Free preview of findings. Pay per scan — no subscription. AI auto-fix PR on the Scan + Fix tier.