Upload with CodeQL results rejected due to "default setup"
This error is reported if a process attempts to upload a SARIF file containing results of CodeQL analysis to a repository where CodeQL default setup is enabled. This includes uploads using the REST API and the CodeQL CLI. SARIF uploads are blocked when CodeQL default setup is enabled to reduce the potential for users to be confused by seeing similar code scanning alerts generated by different systems.
You will only see this error for SARIF files that contain results created using CodeQL.
-
On GitHub.com, navigate to the main page of the repository.
-
Under your repository name, click
Settings
. If you cannot see the "Settings" tab, select the
dropdown menu, then click
Settings
.
-
In the "Security" section of the sidebar, click
Code security and analysis
.
-
In the "Code scanning" section of the page, next to "CodeQL analysis," click
.
-
If there is a
Switch to advanced
option, default setup is enabled for the repository.
Before you can fix the problem, you need to decide whether code scanning alerts from CodeQL analysis in this repository should be generated using default setup or uploaded from SARIF files.
- Leave the repository settings as they are, with default setup enabled.
- Disable the process or processes that tried to upload SARIF files to the repository.
- In the "Code scanning" section of the page, next to "CodeQL analysis," from the
menu select
Disable CodeQL
.
- Rerun the process to upload the SARIF file. It should now succeed if the SARIF file meets the requirements for code scanning. For information about validation and the format supported by code scanning, see "
SARIF support for code scanning
."
