FAQ resource for How do I upload SARIF results to GitHub Code Scanning?.
Answer
Run scan with SARIF output: npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error. Then use github/codeql-action/upload-sarif@v3 with sarif_file: vibgrate.sarif. Requires security-events: write permission. Findings appear in the Security tab and inline on PRs.