A quick blog post to detail how to fix error Resource Not Accessible by Integration within your GitHub Actions. I came across this initially when trying to upload a .sarf report as part of Trivy scanning.
The error
In my case, I attempted to upload a SARIF report. This file helps with code scanning. I used GitHub Actions and encountered an error. The error reads, “Resource not accessible by integration.”
What does that even mean? Essentially, the workflow doesn’t have the right permissions to perform the action you’re asking of it
Full output of error below:
Run github/codeql-action/upload-sarif@v3
Warning: Resource not accessible by integration
Uploading results
Processing sarif files: ["trivy-results.sarif"]
Validating trivy-results.sarif
Combining SARIF files using the CodeQL CLI
Adding fingerprints to SARIF file. See https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs for more information.
Uploading results
Warning: Resource not accessible by integration
Error: Resource not accessible by integration
Warning: Resource not accessible by integration
The fix
Luckily, there are two straightforward ways to resolve this issue. Let’s break them down.
1. Adjust Workflow Permissions in the GitHub Portal
- Navigate to your repo → Settings → Actions → General
- Under Workflow permissions, switch to Read and write
- Retry your failed workflow
2. Fine-Tune Permissions in Your Workflow File
To achieve a more precise solution, specify the exact permissions your workflow needs directly in your YAML file.
permissions:
actions: read
security-events: write
I do recommend this way, makes fine-grained control safer than ever. By specifying exact permissions per job, you minimise exposure compared to the old “all-or-nothing” approach as mentioned option 1. It’s like giving your action a specific office keycard instead of the building master key.
Wrapping up
So, there you have it – two ways to tackle the “Resource not accessible by integration” error. You may choose the quick portal fix. Alternatively, you can go with the more granular YAML approach. Either way, you’ll be back to smooth deploying in no time.
