If you want to upload the SARIF report to GitHub Security, you'll need to add these permissions to the job: permissions: actions: read security-events: write Advanced Security must be enabled for this repository to use code scanning If you receive this error, it likely means you're using ...