Rule tags in SARIF file exceed limits #144318
Replies: 4 comments
-
Screenshot of the warning: |
Beta Was this translation helpful? Give feedback.
-
Found this link internally: https://liquid.microsoft.com/Web/Object/Read/ScanningToolWarnings/Requirements/CodeQL.SM01718#Zguide |
Beta Was this translation helpful? Give feedback.
-
Issue is now resolved
|
Beta Was this translation helpful? Give feedback.
-
And the issue came back. Can anyone explain what this error means and how to properly resolve it? |
Beta Was this translation helpful? Give feedback.
-
Select Topic Area
Question
Body
I'm working on MAPIStubLibrary. On my security tab, I've got a warning:
Code scanning: one or more analysis tools are reporting problems CodeQL is reporting warnings. Check the [status page](https://github.com/microsoft/MAPIStubLibrary/security/code-scanning/tools/CodeQL/status/configurations/api/74a8c85dff2dda02661ba4c491e7edc7db4d2491e021ce53e5df7e05ec472af1) for help.
When I follow that link, I see this:
Rule tags in SARIF file exceed limits The rule SM01718 in an uploaded SARIF file had 11 tags which is more than our limit of 10. Only 10 tags were stored for that rule, the additional ones were ignored.
You can edit the @tags metadata property of your query and remove some tags.
[Learn more about CodeQL query metadata](https://codeql.github.com/docs/writing-codeql-queries/metadata-for-codeql-queries/). [Learn more about limits in SARIF uploads](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#validating-your-sarif-file).
But there are no details about what SARIF file caused this problem, or how I could go about locating this file. I can't even identify which action is supposed to have generated this broken file.
As far as I'm aware, actions generate SARIF files, but they "upload" them to some nebulous location github where no one can actually view them. I've never actually seen a SARIF file myself. I tried configuring an action to SARIF files to artifacts but got a file sharing violation. The documentation on SARIF result limits does list this warning but has no prescriptive guidance on dealing with it.
So - what am I actually supposed to do about this warning? How do I determine which action is triggering it? Is there some way to see the SARIF files we're generating in our actions so we can try to analyze why they may be triggering the warning?
Beta Was this translation helpful? Give feedback.
All reactions