A GitHub token is required to upload SARIF results but none was specified
This error is reported if the upload process does not reference an authentication method, or if that method has the wrong permission. The permissions required to upload SARIF file to a repository are the same no matter what process you use to upload the data.
- Fine-grained personal access tokens require
writescope for the repository.
- Classic personal access tokens require
security_eventsscope for the repository for private or internal repositories. You can use tokens with the
public_reposcope for public repositories.
- GitHub Apps require
security_eventsscope for the repository.
You could see this error for SARIF files created using any tool and uploaded using any method.
Create a new personal access token or GitHub App with the correct permission. For more information see, "Managing your personal access tokens", or "Authenticating as a GitHub App" and "Deciding when to build a GitHub App."