Troubleshooting SARIF uploads

You can only upload SARIF results to repositories where GitHub Advanced Security is enabled.

You cannot upload SARIF results generated by the CodeQL action or CodeQL CLI when default setup for code scanning is enabled. Check your configuration and decide whether to keep default setup or unblock SARIF upload.

You need to provide an authentication method for the upload process to use to access the repository.

Code scanning can only process syntactically valid SARIF files. Invalid files are rejected.

You cannot upload a SARIF results file larger than 10 MB to code scanning. Explore ways to generate a smaller file containing the highest impact results.

Learn how to resolve problems when a SARIF file is rejected by code scanning because one or more limits is exceeded.