
Only the top 5,000 results will be included, prioritized by severity. does not describe actual deployed behavior #38085

Open
jsoref opened this issue May 6, 2025 · 1 comment
Labels: code security (Content related to code security), content (This issue or pull request belongs to the Docs Content team), needs SME (This proposal needs review from a subject matter expert)

Comments

jsoref commented May 6, 2025

What article on docs.github.com is affected?

https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#validating-your-sarif-file

What part(s) of the article would you like to see updated?

The table says:

| SARIF data | Maximum values | Data truncation limits |
|---|---|---|
| Results per run | 25,000 | Only the top 5,000 results will be included, prioritized by severity. |

The current implementation doesn't appear to do that.

Either the text should be updated to say something else (my guess is that it's the top 5,000 results per severity), or the implementation should be changed to match the documentation (which would probably make more sense than the current behavior).

Additional information

https://github.com/check-spelling-sandbox/cert-manager/security


check-spelling is reporting warnings. Check the status page for help.

https://github.com/check-spelling-sandbox/cert-manager/security/code-scanning/tools/check-spelling/status/configurations/actions-FZTWS5DIOVRC653POJVWM3DPO5ZS643QMVWGY2LOM4XHS3LM/e511b5682fa14795a6796791aeed75c7a0b4745efbf2807c37c878e23539b510

Status: 1 warning

> Analysis SARIF file exceeded alert limits
> View workflow run
> An analysis file contained 5421 results which is more than our limit of 5000. Only 5000 were stored, the additional ones were ignored.
>
> Learn more about limits in SARIF uploads.

^ This is the link to the page in question

https://github.com/check-spelling-sandbox/cert-manager/security/code-scanning?query=is%3Aopen+branch%3Aspell-check-with-spelling+tool%3Acheck-spelling


https://github.com/check-spelling-sandbox/cert-manager/security/code-scanning?query=is%3Aopen+branch%3Aspell-check-with-spelling+tool%3Acheck-spelling+severity%3Anote%2Cwarning


https://github.com/check-spelling-sandbox/cert-manager/security/code-scanning?query=is%3Aopen+branch%3Aspell-check-with-spelling+tool%3Acheck-spelling+severity%3Aerror


https://ghsecuritylab.slack.com/archives/CQUMTHL1M/p1746543939781819

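The issue turns on what "top 5,000 results, prioritized by severity" should mean for a run that exceeds the per-run limit. A producer that may emit more results than the limit can avoid depending on server-side truncation altogether by ranking its own results and trimming the SARIF before upload. The script below is an added example written for this issue, not code from GitHub's docs or from check-spelling; the 5,000 limit comes from the docs table quoted above, while the level ordering (error > warning > note > none), the sample SARIF document and the `truncatedResults` property-bag key are constructed assumptions of this example.

```python
import json
from collections import Counter

# Per-run result limit as stated in the docs table quoted in the issue.
MAX_RESULTS_PER_RUN = 5000

# Assumed priority order, most severe first. SARIF 2.1.0 defines exactly these
# four level values; treating them as the "severity" to prioritize by is an
# assumption of this example.
LEVEL_RANK = {"error": 0, "warning": 1, "note": 2, "none": 3}

# Constructed sample: two rules (one with a default level, one without) and
# eight results, two of which inherit their level instead of stating it.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-tool", "rules": [
            {"id": "R1", "defaultConfiguration": {"level": "error"}},
            {"id": "R2"},
        ]}},
        "results": [
            {"ruleId": "R1", "message": {"text": "r1"}},                     # -> error (rule default)
            {"ruleId": "R2", "level": "note", "message": {"text": "r2"}},
            {"ruleId": "R2", "level": "error", "message": {"text": "r3"}},
            {"ruleId": "R2", "level": "warning", "message": {"text": "r4"}},
            {"ruleId": "R2", "message": {"text": "r5"}},                     # -> warning (SARIF default)
            {"ruleId": "R2", "level": "note", "message": {"text": "r6"}},
            {"ruleId": "R1", "level": "error", "message": {"text": "r7"}},
            {"ruleId": "R2", "level": "none", "message": {"text": "r8"}},
        ],
    }],
}


def result_level(result: dict, rules_by_id: dict) -> str:
    """Effective level of a result: result.level wins, then the rule's
    defaultConfiguration.level, and finally the SARIF default of "warning"."""
    level = result.get("level")
    if level is None:
        rule = rules_by_id.get(result.get("ruleId"))
        if rule is not None:
            level = rule.get("defaultConfiguration", {}).get("level")
    return level if level in LEVEL_RANK else "warning"


def level_counts(run: dict) -> Counter:
    """How many results of each level a run contains (useful before upload)."""
    rules_by_id = _rules_by_id(run)
    return Counter(result_level(r, rules_by_id) for r in run.get("results", []))


def truncate_run(run: dict, limit: int = MAX_RESULTS_PER_RUN) -> dict:
    """Keep the `limit` most severe results of one run. sorted() is stable, so
    results of equal level keep their original order. The number dropped is
    recorded in the run's property bag under a hypothetical key so the
    truncation is visible to whoever reads the uploaded file."""
    rules_by_id = _rules_by_id(run)
    ranked = sorted(run.get("results", []),
                    key=lambda r: LEVEL_RANK[result_level(r, rules_by_id)])
    kept, dropped = ranked[:limit], ranked[limit:]
    new_run = dict(run)
    new_run["results"] = kept
    props = dict(run.get("properties", {}))
    props["truncatedResults"] = len(dropped)   # hypothetical property name
    new_run["properties"] = props
    return new_run


def truncate_sarif(sarif: dict, limit: int = MAX_RESULTS_PER_RUN) -> dict:
    """Apply truncate_run to every run in a SARIF log."""
    out = dict(sarif)
    out["runs"] = [truncate_run(run, limit) for run in sarif.get("runs", [])]
    return out


def _rules_by_id(run: dict) -> dict:
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    return {r["id"]: r for r in rules if "id" in r}


if __name__ == "__main__":
    print("before:", dict(level_counts(SAMPLE_SARIF["runs"][0])))
    trimmed = truncate_sarif(SAMPLE_SARIF, limit=5)   # small limit to show the effect
    print("after: ", dict(level_counts(trimmed["runs"][0])))
    print(json.dumps(trimmed, indent=1)[:200], "...")
```

With `limit=5` on the sample, the three error results and the two warning results survive and the note and none results are dropped, which is the "top N by severity" reading of the table; run with the default limit of 5,000 nothing is dropped. Resolving levels through `defaultConfiguration.level` matters because tools commonly omit `level` on individual results, and a ranking that ignored the rule default would treat those results as plain warnings.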
@jsoref jsoref added the content This issue or pull request belongs to the Docs Content team label May 6, 2025
@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label May 6, 2025
@Sharra-writes Sharra-writes added code security Content related to code security needs SME This proposal needs review from a subject matter expert and removed triage Do not begin working on this issue until triaged by the team labels May 7, 2025

github-actions bot commented May 7, 2025

Thanks for opening an issue! We've triaged this issue for technical review by a subject matter expert 👀
