About this error

A GitHub token is required to upload SARIF results but none was specified

This error is reported if the upload process does not reference an authentication method, or if that method has the wrong permission. The permissions required to upload SARIF file to a repository are the same no matter what process you use to upload the data.

• Fine-grained personal access tokens requirewrite scope for the repository.
• Classic personal access tokens requiresecurity_events scope for the repository for private or internal repositories. You can use tokens with thepublic_repo scope for public repositories.
• GitHub Apps requiresecurity_events scope for the repository.

You could see this error for SARIF files created using any tool and uploaded using any method.

Fixing the problem

Create a new personal access token or GitHub App with the correct permission. For more information see,Managing your personal access tokens, orAuthenticating as a GitHub App andDeciding when to build a GitHub App.