Only the top 5,000 results will be included, prioritized by severity. does not describe actual deployed behavior #38085

Open
1 task done
jsoref opened this issue May 6, 2025 · 0 comments
Labels
content This issue or pull request belongs to the Docs Content team triage Do not begin working on this issue until triaged by the team

jsoref commented May 6, 2025

Code of Conduct

What article on docs.github.com is affected?

https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#validating-your-sarif-file

What part(s) of the article would you like to see updated?

The table says:

| SARIF data | Maximum values | Data truncation limits |
|---|---|---|
| Results per run | 25,000 | Only the top 5,000 results will be included, prioritized by severity. |

The current implementation doesn't appear to do that.

Either the text should be updated to say something else (my guess is that it's the top 5,000 results per severity), or the implementation should be changed to match the documentation (which would probably make more sense than the current behavior).

Additional information

https://github.com/check-spelling-sandbox/cert-manager/security

check-spelling is reporting warnings. Check the status page for help.

https://github.com/check-spelling-sandbox/cert-manager/security/code-scanning/tools/check-spelling/status/configurations/actions-FZTWS5DIOVRC653POJVWM3DPO5ZS643QMVWGY2LOM4XHS3LM/e511b5682fa14795a6796791aeed75c7a0b4745efbf2807c37c878e23539b510

Status
1 warning

Analysis SARIF file exceeded alert limits
View workflow run
An analysis file contained 5421 results which is more than our limit of 5000. Only 5000 were stored, the additional ones were ignored.

Learn more about limits in SARIF uploads.

^ This is the link to the page in question

https://github.com/check-spelling-sandbox/cert-manager/security/code-scanning?query=is%3Aopen+branch%3Aspell-check-with-spelling+tool%3Acheck-spelling

https://github.com/check-spelling-sandbox/cert-manager/security/code-scanning?query=is%3Aopen+branch%3Aspell-check-with-spelling+tool%3Acheck-spelling+severity%3Anote%2Cwarning

https://github.com/check-spelling-sandbox/cert-manager/security/code-scanning?query=is%3Aopen+branch%3Aspell-check-with-spelling+tool%3Acheck-spelling+severity%3Aerror

https://ghsecuritylab.slack.com/archives/CQUMTHL1M/p1746543939781819

@jsoref jsoref added the content This issue or pull request belongs to the Docs Content team label May 6, 2025
@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label May 6, 2025
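
An added example, not part of the issue or of GitHub's code: one way to make an oversized SARIF file independent of how the service truncates it is to sort each run's results by level and cut to the limit before upload. The function names, the simplified rule-default fallback (`ruleIndex` only, then `warning`), and the constructed 5421-result sample are assumptions for illustration.

```python
import copy
from collections import Counter

# SARIF 2.1.0 result levels, most severe first.
LEVEL_RANK = {"error": 0, "warning": 1, "note": 2, "none": 3}
STORED_LIMIT = 5000  # per-run figure quoted in the issue


def effective_level(result, rules):
    """Explicit result level, else the rule's default level, else 'warning'."""
    level = result.get("level")
    if level is None:
        idx = result.get("ruleIndex", -1)
        if isinstance(idx, int) and 0 <= idx < len(rules):
            level = rules[idx].get("defaultConfiguration", {}).get("level")
    return level if level in LEVEL_RANK else "warning"


def trim_sarif(sarif, limit=STORED_LIMIT):
    """Return (trimmed copy, list with one Counter of dropped levels per run)."""
    out = copy.deepcopy(sarif)
    dropped = []
    for run in out.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        results = run.get("results") or []
        # sorted() is stable: results of equal level keep their original order.
        ranked = sorted(results, key=lambda r: LEVEL_RANK[effective_level(r, rules)])
        run["results"] = ranked[:limit]
        dropped.append(Counter(effective_level(r, rules) for r in ranked[limit:]))
    return out, dropped


def constructed_sample():
    """Constructed input: 5421 results, with the errors placed last in the file."""
    rules = [{"id": "demo-note", "defaultConfiguration": {"level": "note"}}]
    notes = [{"ruleId": "demo-note", "ruleIndex": 0, "message": {"text": "n"}}] * 5000
    warns = [{"ruleId": "demo-warn", "message": {"text": "w"}}] * 400
    errs = [{"ruleId": "demo-err", "level": "error", "message": {"text": "e"}}] * 21
    driver = {"name": "demo", "rules": rules}
    return {"version": "2.1.0",
            "runs": [{"tool": {"driver": driver}, "results": notes + warns + errs}]}


if __name__ == "__main__":
    trimmed, dropped = trim_sarif(constructed_sample())
    print("kept:", len(trimmed["runs"][0]["results"]), "dropped:", dict(dropped[0]))
```

The per-run `dropped` counters show which levels fell outside the limit, so a CI job can fail or warn when anything above `note` would be lost.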