Troubleshooting SARIF uploads

Learn how to resolve problems uploading SARIF files of code scanning results to GitHub.

Upload fails because GitHub Advanced Security is disabled

You can only upload SARIF results to private or internal repositories where GitHub Advanced Security is enabled.

Upload was rejected because CodeQL default setup is enabled for code scanning

You cannot upload SARIF results generated by the CodeQL action or CodeQL CLI when default setup for code scanning is enabled. Check your configuration and decide whether to keep default setup or unblock SARIF upload.

GitHub token is required to upload SARIF results

You need to provide an authentication method for the upload process to use to access the repository.

SARIF file is invalid

Code scanning can only process syntactically valid SARIF files. Invalid files are rejected.

SARIF results file is too large

You cannot upload a SARIF results file larger than 10 MB to code scanning. Explore ways to generate a smaller file containing the highest impact results.

SARIF results exceed one or more limits

Learn how to resolve problems when a SARIF file is rejected by code scanning because one or more limits is exceeded.