--- title: 'SARIF results exceed one or more limits' shortTitle: Results exceed limits allowTitleToDifferFromFilename: true intro: 'Learn how to resolve problems when a SARIF file is rejected by {% data variables.product.prodname_code_scanning %} because one or more limits is exceeded.' type: reference topics: - Code scanning - Errors - SARIF - Troubleshooting versions: feature: code-scanning-tool-status-page redirect_from: - /code-security/code-scanning/troubleshooting-sarif/results-exceed-limit --- ## About {% data variables.product.prodname_code_scanning %} limits on SARIF results ```text # SARIF results exceed soft limits Locations for an alert exceeded limits Analysis SARIF file exceeded alert limits Rule tags in SARIF file exceed limits Alert in SARIF upload exceeded thread flow location limits # SARIF results exceed hard limit Alert(s) in SARIF file exceeded thread flow location limits Analysis SARIF file rejected due to extension limits Analysis SARIF file rejected due to location limit Analysis SARIF file rejected due to rule tag limits Analysis SARIF file rejected due to result limits Analysis SARIF file rejected due to rule limits Analysis SARIF file rejected due to run limits ``` {% data variables.product.prodname_code_scanning_caps %} sets two types of limits on fields in SARIF results files. - Soft limits which determine how much data is stored and displayed to users. - Hard limits which determine the maximum amount of data accepted for processing. You could see these errors for SARIF files generated by {% data variables.product.prodname_codeql %} or by third-party analysis tools. {% data reusables.code-scanning.sarif-limits %} For information about validating your SARIF file, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#validating-your-sarif-file)." ## Fixing soft limit errors When soft limits are exceeded, {% data variables.product.prodname_code_scanning %} shows the highest priority information. Often you do not need to make any changes to your {% data variables.product.prodname_code_scanning %} configuration. As your team fixes alerts, the number of results reported in each run will reduce until they are within the soft limits and all results are displayed. Alternatively, you can use the approaches described for hard limit errors. ## Fixing "Analysis SARIF file rejected due to results limits" There are many considerations and potential solutions for reducing the number of results included in a SARIF results file. For guidance, see "[AUTOTITLE](/code-security/code-scanning/troubleshooting-sarif-uploads/file-too-large)." ## Fixing "Alert(s) in SARIF file exceeded thread flow location limits" You can configure the analysis to limit the number of dataflow paths included in the results. By default, 4 dataflow paths are included for each result. {% data reusables.code-scanning.max-paths-setting %} ## Fixing "Analysis SARIF file rejected due to run limits" The simplest approach is generate a new SARIF file for each run and upload each file separately. You add a "category" to each results and this enables {% data variables.product.prodname_code_scanning %} to store and display the results appropriately. For more information, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#uploading-more-than-one-sarif-file-for-a-commit)." ## Fixing "Analysis SARIF file rejected due to rule limits" There are two possible approaches here. 1. Reduce the number of rules you use to analyze the code. For more information, see "[Defining the query suite to run](/code-security/code-scanning/troubleshooting-sarif-uploads/file-too-large#defining-the-query-suite-to-run)" and "[Excluding a query from analysis](/code-security/code-scanning/troubleshooting-sarif-uploads/file-too-large#excluding-a-query-from-analysis)" in "SARIF results file too large." 1. Run the analysis twice, each time with a different set of rules, and upload both results files to {% data variables.product.prodname_code_scanning %}. For more information, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#uploading-more-than-one-sarif-file-for-a-commit)." ## Fixing "Analysis SARIF file rejected due to extension limits" The simplest approach is to create a separate SARIF file each time you run the tool and upload each file separately. You may also need to contact the maintainer of the tool. For more information, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#uploading-more-than-one-sarif-file-for-a-commit)." {% data variables.product.prodname_codeql %} analysis should not generate this error. If you see this error while using the {% data variables.product.prodname_codeql %} action or {% data variables.product.prodname_codeql_cli %}, you should contact {% data variables.contact.github_support %} to let us know. For more information, see "[AUTOTITLE](/support/contacting-github-support)." ## Fixing "Analysis SARIF file rejected due to location limit" The best way to resolve this problem is usually to identify the query that reports too many locations and exclude it from analysis. For information on how to do this, see "[AUTOTITLE](/code-security/code-scanning/troubleshooting-sarif-uploads/file-too-large#excluding-a-query-from-analysis)." ## Fixing "Analysis SARIF file rejected due to rule tag limits" You need to update the SARIF file or the generator so that the array of tags reported for each `reportingDescriptor` object is fewer than 10. For more information, see `properties.tags[]` in "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#reportingdescriptor-object)."