Troubleshooting SARIF uploads

You need to provide an authentication method for the upload process to use to access the repository.

Code scanning can only process syntactically valid SARIF files. Invalid files are rejected.

Learn how to resolve problems when a SARIF file is rejected by code scanning because one or more limits is exceeded.

You cannot upload a SARIF results file larger than 10 MB to code scanning. Explore ways to generate a smaller file containing the highest impact results.

You can only upload SARIF results to private or internal repositories where GitHub Code Security is enabled.

You cannot upload SARIF results generated by the CodeQL action or CodeQL CLI when default setup for code scanning is enabled. Check your configuration and decide whether to keep default setup or unblock SARIF upload.