Skip to main content

icon-developers.png Get results in SARIF files

You can choose to get results from static scanning in a SARIF file instead of in a terminal window (if using the CLI). You can also download a SARIF file from the Contrast web interface.


  1. If you are using the CLI for static scanning, use this command option to store results in a SARIF file:

    contrast scan --save

    This command downloads the file to the current working directory with a default name of results.sarif. You can view the file with any text editor.

  2. If you are using the Contrast web interface, download the results to a SARIF (or CSV) file:

    • Select Scans in the header.

    • In the Scan project list, select a project.

    • At the end of the row for a scan, select the Download icon (icon-download.svg. Results are available for download for up to five days after the scan completes.

  3. If you are using the GitHub action for static scanning and want to view results in the Security tab in the repository, include this GitHub action in your setup:

        - name: Upload SARIF file
          uses: github/codeql-action/upload-sarif@v2
            sarif_file: results.sarif

    The SARIF file name must be results.sarif.