upload-sarif: constantly hitting the timeout window on upload step #2992

@amhibyan

Hello,

I keep encountering an error where, during the upload-sarif step of my action, the build gets stuck for 6 hours and then times out. I have verified that the size of the SARIF file is only 1.6 MB and that it is a valid file, so neither of those should be an issue.

When enabling debug logs, I do see it getting caught on this fingerprint portion, but I was unable to find anything helpful online. Any advice or guidance here is greatly appreciated.

Uploading code scanning results
  Processing sarif files: ["trivy-results.sarif"]
  Validating trivy-results.sarif
  ##[debug]Diff ranges JSON file does not exist at /home/runner/_work/_temp/pr-diff-range.json
  Adding fingerprints to SARIF file. See https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs for more information.
  ##[debug]Unable to compute fingerprint for non-existent file: /home/runner/_work/REDACTED
  ##[debug]Unable to compute fingerprint for non-existent file: /home/runner/_work/REDACTED
  ##[debug]Unable to compute fingerprint for non-existent file: /home/runner/_work/REDACTED
  ##[debug]Unable to compute fingerprint for non-existent file: /home/runner/_work/REDACTED
  ##[debug]Unable to compute fingerprint for non-existent file: /home/runner/_work/REDACTED
  ##[debug]Re-evaluate condition on job cancellation for step: 'run'.

Please let me know if you need any other info from my workflow file.

    - name: trivy security scan
      uses: aquasecurity/trivy-action@0.10.0
      env:
        TRIVY_DB_REPOSITORY: REDACTED
        TRIVY_JAVA_DB_REPOSITORY: REDACTED
      with:
        input: image-${{ env.BUILD_IMAGE_ID }}.tar
        scan-type: image
        image-ref: ${{ env.BUILD_IMAGE }}
        ignore-unfixed: true
        format: sarif
        output: trivy-results.sarif
        severity: CRITICAL
        limit-severities-for-sarif: false
        skip-dirs: |
          /root/.ssh/id_ed25519

    - name: upload trivy results to github
      uses: github/codeql-action/upload-sarif@v3
      with:
        sarif_file: trivy-results.sarif
