About this error
A GitHub token is required to upload SARIF results but none was specified
This error is reported if the upload process does not reference an authentication method, or if that method has the wrong permission. The permissions required to upload SARIF file to a repository are the same no matter what process you use to upload the data.
- Fine-grained personal access tokens require
write
scope for the repository. - Classic personal access tokens require
security_events
scope for the repository for private or internal repositories. You can use tokens with thepublic_repo
scope for public repositories. - GitHub Apps require
security_events
scope for the repository.
You could see this error for SARIF files created using any tool and uploaded using any method.
Fixing the problem
Create a new personal access token or GitHub App with the correct permission. For more information see, "Managing your personal access tokens", or "Authenticating as a GitHub App" and "Deciding when to build a GitHub App."