Skip to main content

Enterprise Server 3.15 is currently available as a release candidate.

Upload was rejected because CodeQL default setup is enabled for code scanning

You cannot upload SARIF results generated by the CodeQL action or CodeQL CLI when default setup for code scanning is enabled. Check your configuration and decide whether to keep default setup or unblock SARIF upload.

About this error

Upload with CodeQL results rejected due to "default setup"

This error is reported if a process attempts to upload a SARIF file containing results of CodeQL analysis to a repository where CodeQL default setup is enabled. This includes uploads using the REST API and the CodeQL CLI. SARIF uploads are blocked when CodeQL default setup is enabled to reduce the potential for users to be confused by seeing similar code scanning alerts generated by different systems.

You will only see this error for SARIF files that contain results created using CodeQL.

Confirming the cause of the error

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Code security and analysis.

  4. In the "Code scanning" section of the page, next to "CodeQL analysis," click .

  5. If there is a Switch to advanced option, default setup is enabled for the repository.

Fixing the problem

Before you can fix the problem, you need to decide whether code scanning alerts from CodeQL analysis in this repository should be generated using default setup or uploaded from SARIF files.

Continuing to generate alerts using default setup

  1. Leave the repository settings as they are, with default setup enabled.
  2. Disable the process or processes that tried to upload SARIF files to the repository.

Disabling default setup to unblock SARIF upload

  1. In the "Code scanning" section of the page, next to "CodeQL analysis," from the menu select Disable CodeQL.
  2. Rerun the process to upload the SARIF file. It should now succeed if the SARIF file meets the requirements for code scanning. For information about validation and the format supported by code scanning, see "SARIF support for code scanning."