
POST https://api.github.com/repos/owner/repo/code-scanning/sarifs

Uploads SARIF data containing the results of a code scanning analysis to make the results available in a repository. You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events write permission to use this endpoint.

There are two places where you can upload code scanning results.

You must compress the SARIF-formatted analysis data that you want to upload, using gzip, and then encode it as a Base64 format string. For example:

gzip -c analysis-data.sarif | base64 -w0

SARIF upload supports a maximum of 5000 results per analysis run. Any results over this limit are ignored and any SARIF uploads with more than 25,000 results are rejected. Typically, but not necessarily, a SARIF file contains a single run of a single tool. If a code scanning tool generates too many results, you should update the analysis configuration to run only the most important rules or queries.
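An added example, not taken from GitHub's documentation or from this page: a pre-upload check in Python that applies the limits above to each run and produces the same gzip-then-Base64 string as the command shown earlier. It assumes the 25,000 limit is counted across all runs in the file; the function names, the sample SARIF document, the tool name and the rule ID are constructed for illustration.

```python
import base64
import gzip
import json

MAX_RESULTS_PER_RUN = 5000      # results beyond this are ignored (per the page)
# Assumption: the 25,000 limit is counted across all runs in the file.
MAX_RESULTS_PER_UPLOAD = 25000  # uploads above this are rejected (per the page)


def check_limits(sarif: dict) -> dict:
    """Count results per run and report how many would be ignored."""
    # A run may omit "results" or set it to null; treat both as zero results.
    per_run = [len(run.get("results") or []) for run in sarif.get("runs", [])]
    total = sum(per_run)
    if total > MAX_RESULTS_PER_UPLOAD:
        raise ValueError(f"{total} results: upload would be rejected")
    ignored = sum(max(0, n - MAX_RESULTS_PER_RUN) for n in per_run)
    return {"per_run": per_run, "total": total, "ignored": ignored}


def encode_sarif(sarif_text: str) -> str:
    """Equivalent of `gzip -c analysis-data.sarif | base64 -w0`."""
    return base64.b64encode(gzip.compress(sarif_text.encode("utf-8"))).decode("ascii")


def decode_sarif(payload: str) -> str:
    """Inverse of encode_sarif, used to verify the payload before sending."""
    return gzip.decompress(base64.b64decode(payload)).decode("utf-8")


def make_sample(results_per_run):
    """Constructed SARIF document; tool name and rule ID are placeholders."""
    def run(n):
        results = [{"ruleId": "EX001", "message": {"text": f"finding {i}"}} for i in range(n)]
        return {"tool": {"driver": {"name": "example-scanner"}}, "results": results}
    return {"version": "2.1.0", "runs": [run(n) for n in results_per_run]}


if __name__ == "__main__":
    doc = make_sample([3, 5002])          # second run exceeds the per-run limit
    print(check_limits(doc))
    payload = encode_sarif(json.dumps(doc))
    print(len(payload), "Base64 characters on a single line")
```

Running the check in CI before the upload step surfaces silently dropped findings, which otherwise only show up as alerts missing from the repository.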

The 202 Accepted response includes an id value. You can use this ID to check the status of the upload by using it with the /sarifs/{sarif_id} endpoint. For more information, see "Get information about a SARIF upload."
