We want to integrate the Brakeman code scan tool into GitHub Actions, write the vulnerabilities it finds into a SARIF file, and post that SARIF file into "code scanning alerts" from the workflow.
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v1
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: results.sarif
It works without any issue.
But in a private repository, GitHub requires our company to pay to enable code scanning. We are poor; we don't have the budget to enable that feature. Can we post the vulnerabilities to "security advisories" instead? Is there any GitHub API that supports that?
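An added example in Python (not part of the original post) that parses a Brakeman-style SARIF file into one advisory payload per finding and posts it to the repository security advisories REST endpoint; the endpoint path `/repos/{owner}/{repo}/security-advisories`, the payload fields, the `rubygems` package entry and the level-to-severity mapping are assumptions to verify against GitHub's REST API docs, the `owner`, `repo`, `token` and `package_name` parameters are hypothetical, and the SARIF sample is constructed.

```python
import json
import urllib.request
# Constructed sample in the SARIF 2.1.0 shape Brakeman emits with `-f sarif`
# (rule ids, paths, messages and line numbers are made up for this example).
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "Brakeman", "rules": [
        {"id": "BRAKE0002", "name": "CrossSiteScripting",
         "helpUri": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting/"},
        {"id": "BRAKE0015", "name": "SQLInjection",
         "helpUri": "https://brakemanscanner.org/docs/warning_types/sql_injection/"}]}},
    "results": [
        {"ruleId": "BRAKE0015", "level": "error", "message": {"text": "Possible SQL injection"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/models/user.rb"},
                                             "region": {"startLine": 42}}}]},
        {"ruleId": "BRAKE0002", "level": "warning", "message": {"text": "Unescaped model attribute"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/views/users/show.html.erb"},
                                             "region": {"startLine": 7}}}]}]}]})

# SARIF result level -> advisory severity (assumed mapping; adjust to your triage policy).
LEVEL_TO_SEVERITY = {"error": "high", "warning": "medium", "note": "low"}

def sarif_to_advisories(sarif_text, package_name):
    """Turn every SARIF result into one advisory payload dict (payload fields are assumed)."""
    doc = json.loads(sarif_text)
    payloads = []
    for run in doc.get("runs", []):
        rules = {r["id"]: r for r in run["tool"]["driver"].get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res["ruleId"], {})
            loc = res["locations"][0]["physicalLocation"]
            where = f'{loc["artifactLocation"]["uri"]}:{loc["region"]["startLine"]}'
            payloads.append({
                "summary": f'{rule.get("name", res["ruleId"])} at {where}'[:1024],
                "description": f'{res["message"]["text"]}\n\nRule {res["ruleId"]}: {rule.get("helpUri", "")}',
                "severity": LEVEL_TO_SEVERITY.get(res.get("level", "warning"), "medium"),
                "vulnerabilities": [{"package": {"ecosystem": "rubygems", "name": package_name},
                                     "vulnerable_version_range": None, "patched_versions": None,
                                     "vulnerable_functions": None}]})
    return payloads

def post_advisory(owner, repo, token, payload):
    """POST one payload to the repository security advisories endpoint (assumed path and headers)."""
    req = urllib.request.Request(
        f"https://api.github.com/repos/{owner}/{repo}/security-advisories", method="POST",
        data=json.dumps(payload).encode(),
        headers={"Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:  # network call; not exercised offline
        return json.load(resp)
```

In a workflow the token would come from a secret with permission to write repository security advisories (an assumption to check in the docs), and each Brakeman finding becomes one draft advisory in the repository's Security tab rather than a code scanning alert.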