About this error
Upload with CodeQL results rejected due to "default setup"
This error is reported if a process attempts to upload a SARIF file containing results of CodeQL analysis to a repository where CodeQL default setup is enabled. This includes uploads using the REST API and the CodeQL CLI. SARIF uploads are blocked when CodeQL default setup is enabled to reduce the potential for users to be confused by seeing similar code scanning alerts generated by different systems.
You will only see this error for SARIF files that contain results created using CodeQL.
Confirming the cause of the error
- On GitHub, navigate to the main page of the repository.
- Under the repository name, click "Settings". If you cannot see the "Settings" tab, select the dropdown menu, then click "Settings".
- In the "Security" section of the sidebar, click "Advanced Security".
- In the "Code Security" section of the page, next to "CodeQL analysis," click .
- If there is a Switch to advanced option, default setup is enabled for the repository.
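The same check can be scripted as a pre-upload step in a pipeline. The following is an added example, not code from GitHub's documentation: it inspects a SARIF file for CodeQL runs and combines that with the repository's default setup state as returned by the REST endpoint GET /repos/{owner}/{repo}/code-scanning/default-setup. It assumes that CodeQL results are identified by a tool driver name of "CodeQL"; the function names and sample inputs are constructed for illustration.

```python
import json
import urllib.request

# Assumption: CodeQL-produced runs are identified by tool.driver.name == "CodeQL".
CODEQL_DRIVER = "codeql"


def codeql_runs(sarif):
    """Return the indexes of SARIF runs whose tool driver is CodeQL."""
    hits = []
    for i, run in enumerate(sarif.get("runs") or []):
        driver = (run.get("tool") or {}).get("driver") or {}
        if str(driver.get("name", "")).strip().lower() == CODEQL_DRIVER:
            hits.append(i)
    return hits


def fetch_default_setup(owner, repo, token):
    """Fetch the default setup configuration (needs network access and a token)."""
    req = urllib.request.Request(
        f"https://api.github.com/repos/{owner}/{repo}/code-scanning/default-setup",
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/vnd.github+json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def upload_would_be_rejected(sarif, default_setup):
    """True when default setup is enabled and the SARIF carries CodeQL runs."""
    enabled = default_setup.get("state") == "configured"
    return enabled and bool(codeql_runs(sarif))


# Constructed sample inputs (not real scan output or a real API response).
SAMPLE_SARIF = {"version": "2.1.0", "runs": [
    {"tool": {"driver": {"name": "ESLint"}}, "results": []},
    {"tool": {"driver": {"name": "CodeQL"}}, "results": []},
]}
SAMPLE_SETUP = {"state": "configured", "languages": ["python"]}

if __name__ == "__main__":
    print("CodeQL runs:", codeql_runs(SAMPLE_SARIF))
    print("rejected:", upload_would_be_rejected(SAMPLE_SARIF, SAMPLE_SETUP))
```

In a pipeline, pass the result of fetch_default_setup() in place of SAMPLE_SETUP and skip or fail the upload step when the function returns True.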
Fixing the problem
Before you can fix the problem, you need to decide whether code scanning alerts from CodeQL analysis in this repository should be generated using default setup or uploaded from SARIF files.
Continuing to generate alerts using default setup
- Leave the repository settings as they are, with default setup enabled.
- Disable the process or processes that tried to upload SARIF files to the repository.
Disabling default setup to unblock SARIF upload
- In the "Code scanning" section of the page, next to "CodeQL analysis," from the menu select Disable CodeQL.
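- Rerun the process that uploads the SARIF file. If the SARIF file meets the requirements of code scanning, the upload should now succeed. For information about validation and the formats that code scanning supports, see "SARIF support for code scanning".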