<!DOCTYPE html><html data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="icon" type="image/png" href="/assets/cb-345/images/site/favicon.png"/><link href="/manifest.json" rel="manifest"/><meta name="google-site-verification" content="c1kuD-K2HIVF635lypcsWPoD4kilo5-jA_wBFyT4uMY"/><title>Customizing your advanced setup for code scanning - GitHub Docs</title><meta name="description" content="You can customize how your advanced setup scans the code in your project for vulnerabilities and errors."/><link rel="alternate" hrefLang="zh-Hans" href="https://docs.github.com/zh/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning"/><link rel="alternate" hrefLang="es" href="https://docs.github.com/es/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning"/><link rel="alternate" hrefLang="pt" href="https://docs.github.com/pt/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning"/><link rel="alternate" hrefLang="ru" href="https://docs.github.com/ru/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning"/><link rel="alternate" hrefLang="ja" href="https://docs.github.com/ja/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning"/><link rel="alternate" hrefLang="fr" href="https://docs.github.com/fr/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning"/><link rel="alternate" hrefLang="de" href="https://docs.github.com/de/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning"/><link rel="alternate" hrefLang="ko" href="https://docs.github.com/ko/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning"/><meta name="keywords" content="Advanced Security,Code scanning,Actions,Repositories,Pull requests,JavaScript,Python"/><meta name="path-language" content="en"/><meta name="path-version" content="free-pro-team@latest"/><meta name="path-product" content="code-security"/><meta name="path-article" content="code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning"/><meta name="page-type" content="how_to"/><meta name="page-document-type" content="article"/><meta name="status" content="200"/><meta property="og:site_name" content="GitHub Docs"/><meta property="og:title" content="Customizing your advanced setup for code scanning - GitHub Docs"/><meta property="og:type" content="article"/><meta property="og:url" content="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning"/><meta property="og:image" content="https://github.githubassets.com/images/modules/open_graph/github-logo.png"/><meta name="next-head-count" content="28"/><link rel="preload" href="/_next/static/css/87cea936052d1d95.css" as="style"/><link rel="stylesheet" href="/_next/static/css/87cea936052d1d95.css" data-n-g=""/><link rel="preload" href="/_next/static/css/66757a3783028467.css" as="style"/><link rel="stylesheet" href="/_next/static/css/66757a3783028467.css" data-n-p=""/><noscript data-n-css=""></noscript><script defer="" nomodule="" src="/_next/static/chunks/polyfills-78c92fac7aa8fdd8.js"></script><script src="/_next/static/chunks/webpack-ec48c0d94b7da59f.js" defer=""></script><script src="/_next/static/chunks/framework-945b357d4a851f4b.js" defer=""></script><script src="/_next/static/chunks/main-c95ae151e287e458.js" defer=""></script><script src="/_next/static/chunks/pages/_app-797fa94dba278176.js" defer=""></script><script src="/_next/static/chunks/727f57db-570e92d04a1cf153.js" defer=""></script><script src="/_next/static/chunks/4432-e0b0889138923fc7.js" defer=""></script><script src="/_next/static/chunks/6066-8d61a14f5f75720a.js" defer=""></script><script src="/_next/static/chunks/5293-274846982f5b82bb.js" defer=""></script><script src="/_next/static/chunks/2689-e7cc4d533fabe066.js" defer=""></script><script src="/_next/static/chunks/9418-89747b124934b544.js" defer=""></script><script src="/_next/static/chunks/5343-e2ac6b70d565e15c.js" defer=""></script><script src="/_next/static/chunks/pages/%5BversionId%5D/%5BproductId%5D/%5B...restPage%5D-d93d7776ab1c3347.js" defer=""></script><script src="/_next/static/zlsDNEj4XHFrSHCwIiw66/_buildManifest.js" defer=""></script><script src="/_next/static/zlsDNEj4XHFrSHCwIiw66/_ssgManifest.js" defer=""></script><style data-styled="" data-styled-version="5.3.5">.cEhRXB{-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;}/*!sc*/ .dmdEgz{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;pointer-events:none;}/*!sc*/ .Ywlla{list-style:none;}/*!sc*/ .hROlum{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;min-width:0;}/*!sc*/ .cUxMoC{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}/*!sc*/ .bmseMA{-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;font-weight:400;word-break:break-word;}/*!sc*/ .lmYNOb{height:20px;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;color:var(--fgColor-muted,var(--color-fg-muted,#656d76));margin-left:8px;font-weight:initial;}/*!sc*/ [data-variant="danger"]:hover .Box-sc-g0xbh4-0,[data-variant="danger"]:active .lmYNOb{color:var(--fgColor-default,var(--color-fg-default,#1F2328));}/*!sc*/ .gMkIpo{padding:0;margin:0;display:none;}/*!sc*/ .gMkIpo *{font-size:14px;}/*!sc*/ .enEvIH{padding:0;margin:0;display:block;}/*!sc*/ .enEvIH *{font-size:14px;}/*!sc*/ .ivpQTm{-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;font-weight:600;word-break:break-word;}/*!sc*/ .eQiQea{grid-area:topper;}/*!sc*/ .ijSsTo{grid-area:intro;}/*!sc*/ .dMdwQg{border-radius:10px;border-style:solid;border-color:var(--borderColor-default,var(--color-border-default,#d0d7de));padding:16px;}/*!sc*/ .giVcWX{-webkit-align-self:flex-start;-ms-flex-item-align:start;align-self:flex-start;grid-area:sidebar;}/*!sc*/ .kohLxz{grid-area:content;}/*!sc*/ data-styled.g3[id="Box-sc-g0xbh4-0"]{content:"cEhRXB,dmdEgz,Ywlla,hROlum,cUxMoC,bmseMA,lmYNOb,gMkIpo,enEvIH,ivpQTm,eQiQea,ijSsTo,dMdwQg,giVcWX,kohLxz,"}/*!sc*/ .hXCKEr{border-radius:6px;border:1px solid;border-color:transparent;font-family:inherit;font-weight:500;font-size:14px;cursor:pointer;-webkit-appearance:none;-moz-appearance:none;appearance:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-text-decoration:none;text-decoration:none;text-align:center;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:justify;-webkit-justify-content:space-between;-ms-flex-pack:justify;justify-content:space-between;height:32px;padding:0 12px;gap:8px;min-width:-webkit-max-content;min-width:-moz-max-content;min-width:max-content;-webkit-transition:80ms cubic-bezier(0.65,0,0.35,1);transition:80ms cubic-bezier(0.65,0,0.35,1);-webkit-transition-property:color,fill,background-color,border-color;transition-property:color,fill,background-color,border-color;color:var(--button-default-fgColor-rest,var(--color-btn-text,#24292f));background-color:transparent;box-shadow:none;}/*!sc*/ .hXCKEr:focus:not(:disabled){box-shadow:none;outline:2px solid var(--fgColor-accent,var(--color-accent-fg,#0969da));outline-offset:-2px;}/*!sc*/ .hXCKEr:focus:not(:disabled):not(:focus-visible){outline:solid 1px transparent;}/*!sc*/ .hXCKEr:focus-visible:not(:disabled){box-shadow:none;outline:2px solid var(--fgColor-accent,var(--color-accent-fg,#0969da));outline-offset:-2px;}/*!sc*/ .hXCKEr[href]{display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;}/*!sc*/ .hXCKEr[href]:hover{-webkit-text-decoration:none;text-decoration:none;}/*!sc*/ .hXCKEr:hover{-webkit-transition-duration:80ms;transition-duration:80ms;}/*!sc*/ .hXCKEr:active{-webkit-transition:none;transition:none;}/*!sc*/ .hXCKEr[data-inactive]{cursor:auto;}/*!sc*/ .hXCKEr:disabled{cursor:not-allowed;box-shadow:none;color:var(--fgColor-disabled,var(--color-primer-fg-disabled,#8c959f));}/*!sc*/ .hXCKEr:disabled [data-component=ButtonCounter],.hXCKEr:disabled [data-component="leadingVisual"],.hXCKEr:disabled [data-component="trailingAction"]{color:inherit;}/*!sc*/ @media (forced-colors:active){.hXCKEr:focus{outline:solid 1px transparent;}}/*!sc*/ .hXCKEr [data-component=ButtonCounter]{font-size:12px;}/*!sc*/ .hXCKEr[data-component=IconButton]{display:inline-grid;padding:unset;place-content:center;width:32px;min-width:unset;}/*!sc*/ .hXCKEr[data-size="small"]{padding:0 8px;height:28px;gap:4px;font-size:12px;}/*!sc*/ .hXCKEr[data-size="small"] [data-component="text"]{line-height:calc(20 / 12);}/*!sc*/ .hXCKEr[data-size="small"] [data-component=ButtonCounter]{font-size:12px;}/*!sc*/ .hXCKEr[data-size="small"] [data-component="buttonContent"] > :not(:last-child){margin-right:4px;}/*!sc*/ .hXCKEr[data-size="small"][data-component=IconButton]{width:28px;padding:unset;}/*!sc*/ .hXCKEr[data-size="large"]{padding:0 16px;height:40px;gap:8px;}/*!sc*/ .hXCKEr[data-size="large"] [data-component="buttonContent"] > :not(:last-child){margin-right:8px;}/*!sc*/ .hXCKEr[data-size="large"][data-component=IconButton]{width:40px;padding:unset;}/*!sc*/ .hXCKEr[data-block="block"]{width:100%;}/*!sc*/ .hXCKEr[data-label-wrap="true"]{min-width:-webkit-fit-content;min-width:-moz-fit-content;min-width:fit-content;height:unset;min-height:var(--control-medium-size,2rem);}/*!sc*/ .hXCKEr[data-label-wrap="true"] [data-component="buttonContent"]{-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;-webkit-align-self:stretch;-ms-flex-item-align:stretch;align-self:stretch;padding-block:calc(var(--control-medium-paddingBlock,0.375rem) - 2px);}/*!sc*/ .hXCKEr[data-label-wrap="true"] [data-component="text"]{white-space:unset;word-break:break-word;}/*!sc*/ .hXCKEr[data-label-wrap="true"][data-size="small"]{height:unset;min-height:var(--control-small-size,1.75rem);}/*!sc*/ .hXCKEr[data-label-wrap="true"][data-size="small"] [data-component="buttonContent"]{padding-block:calc(var(--control-small-paddingBlock,0.25rem) - 2px);}/*!sc*/ .hXCKEr[data-label-wrap="true"][data-size="large"]{height:unset;min-height:var(--control-large-size,2.5rem);padding-inline:var(--control-large-paddingInline-spacious,1rem);}/*!sc*/ .hXCKEr[data-label-wrap="true"][data-size="large"] [data-component="buttonContent"]{padding-block:calc(var(--control-large-paddingBlock,0.625rem) - 2px);}/*!sc*/ .hXCKEr[data-inactive]:not([disabled]){background-color:var(--button-inactive-bgColor,var(--button-inactive-bgColor-rest,var(--color-btn-inactive-bg,#eaeef2)));border-color:var(--button-inactive-bgColor,var(--button-inactive-bgColor-rest,var(--color-btn-inactive-bg,#eaeef2)));color:var(--button-inactive-fgColor,var(--button-inactive-fgColor-rest,var(--color-btn-inactive-text,#57606a)));}/*!sc*/ .hXCKEr[data-inactive]:not([disabled]):focus-visible{box-shadow:none;}/*!sc*/ .hXCKEr [data-component="leadingVisual"]{grid-area:leadingVisual;color:var(--fgColor-muted,var(--color-fg-muted,#656d76));}/*!sc*/ .hXCKEr [data-component="text"]{grid-area:text;line-height:calc(20/14);white-space:nowrap;}/*!sc*/ .hXCKEr [data-component="trailingVisual"]{grid-area:trailingVisual;}/*!sc*/ .hXCKEr [data-component="trailingAction"]{margin-right:-4px;color:var(--fgColor-muted,var(--color-fg-muted,#656d76));}/*!sc*/ .hXCKEr [data-component="buttonContent"]{-webkit-flex:1 0 auto;-ms-flex:1 0 auto;flex:1 0 auto;display:grid;grid-template-areas:"leadingVisual text trailingVisual";grid-template-columns:min-content minmax(0,auto) min-content;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-content:center;-ms-flex-line-pack:center;align-content:center;}/*!sc*/ .hXCKEr [data-component="buttonContent"] > :not(:last-child){margin-right:8px;}/*!sc*/ .hXCKEr [data-component="loadingSpinner"]{grid-area:text;margin-right:0px !important;place-self:center;}/*!sc*/ .hXCKEr [data-component="loadingSpinner"] + [data-component="text"]{visibility:hidden;}/*!sc*/ .hXCKEr:hover:not([disabled]){background-color:var(--control-transparent-bgColor-hover,var(--color-action-list-item-default-hover-bg,rgba(208,215,222,0.32)));}/*!sc*/ .hXCKEr:active:not([disabled]){background-color:var(--control-transparent-bgColor-active,var(--color-action-list-item-default-active-bg,rgba(208,215,222,0.48)));}/*!sc*/ .hXCKEr[aria-expanded=true]{background-color:var(--control-transparent-bgColor-selected,var(--color-action-list-item-default-selected-bg,rgba(208,215,222,0.24)));}/*!sc*/ .hXCKEr[data-component="IconButton"][data-no-visuals]{color:var(--fgColor-muted,var(--color-fg-muted,#656d76));}/*!sc*/ .hXCKEr[data-no-visuals]{color:var(--fgColor-accent,var(--color-accent-fg,#0969da));}/*!sc*/ .hXCKEr:has([data-component="ButtonCounter"]){color:var(--button-default-fgColor-rest,var(--color-btn-text,#24292f));}/*!sc*/ .hXCKEr:disabled[data-no-visuals]{color:var(--fgColor-disabled,var(--color-primer-fg-disabled,#8c959f));}/*!sc*/ .hXCKEr:disabled[data-no-visuals] [data-component=ButtonCounter]{color:inherit;}/*!sc*/ .hXCKEr{height:auto;text-align:left;}/*!sc*/ .hXCKEr span:first-child{display:inline;}/*!sc*/ .jOdgLl{border-radius:6px;border:1px solid;border-color:var(--button-default-borderColor-rest,var(--button-default-borderColor-rest,var(--color-btn-border,rgba(31,35,40,0.15))));font-family:inherit;font-weight:500;font-size:14px;cursor:pointer;-webkit-appearance:none;-moz-appearance:none;appearance:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-text-decoration:none;text-decoration:none;text-align:center;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:justify;-webkit-justify-content:space-between;-ms-flex-pack:justify;justify-content:space-between;height:32px;padding:0 12px;gap:8px;min-width:-webkit-max-content;min-width:-moz-max-content;min-width:max-content;-webkit-transition:80ms cubic-bezier(0.65,0,0.35,1);transition:80ms cubic-bezier(0.65,0,0.35,1);-webkit-transition-property:color,fill,background-color,border-color;transition-property:color,fill,background-color,border-color;color:var(--button-default-fgColor-rest,var(--color-btn-text,#24292f));background-color:var(--button-default-bgColor-rest,var(--color-btn-bg,#f6f8fa));box-shadow:var(--button-default-shadow-resting,var(--color-btn-shadow,0 1px 0 rgba(31,35,40,0.04))),var(--button-default-shadow-inset,var(--color-btn-inset-shadow,inset 0 1px 0 rgba(255,255,255,0.25)));}/*!sc*/ .jOdgLl:focus:not(:disabled){box-shadow:none;outline:2px solid var(--fgColor-accent,var(--color-accent-fg,#0969da));outline-offset:-2px;}/*!sc*/ .jOdgLl:focus:not(:disabled):not(:focus-visible){outline:solid 1px transparent;}/*!sc*/ .jOdgLl:focus-visible:not(:disabled){box-shadow:none;outline:2px solid var(--fgColor-accent,var(--color-accent-fg,#0969da));outline-offset:-2px;}/*!sc*/ .jOdgLl[href]{display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;}/*!sc*/ .jOdgLl[href]:hover{-webkit-text-decoration:none;text-decoration:none;}/*!sc*/ .jOdgLl:hover{-webkit-transition-duration:80ms;transition-duration:80ms;}/*!sc*/ .jOdgLl:active{-webkit-transition:none;transition:none;}/*!sc*/ .jOdgLl[data-inactive]{cursor:auto;}/*!sc*/ .jOdgLl:disabled{cursor:not-allowed;box-shadow:none;color:var(--fgColor-disabled,var(--color-primer-fg-disabled,#8c959f));border-color:var(--button-default-borderColor-disabled,var(--button-default-borderColor-rest,var(--color-btn-border,rgba(31,35,40,0.15))));background-color:var(--button-default-bgColor-disabled,var(--control-bgColor-disabled,var(--color-input-disabled-bg,rgba(175,184,193,0.2))));}/*!sc*/ .jOdgLl:disabled [data-component=ButtonCounter]{color:inherit;}/*!sc*/ @media (forced-colors:active){.jOdgLl:focus{outline:solid 1px transparent;}}/*!sc*/ .jOdgLl [data-component=ButtonCounter]{font-size:12px;background-color:var(--buttonCounter-default-bgColor-rest,var(--color-btn-counter-bg,rgba(31,35,40,0.08)));}/*!sc*/ .jOdgLl[data-component=IconButton]{display:inline-grid;padding:unset;place-content:center;width:32px;min-width:unset;}/*!sc*/ .jOdgLl[data-size="small"]{padding:0 8px;height:28px;gap:4px;font-size:12px;}/*!sc*/ .jOdgLl[data-size="small"] [data-component="text"]{line-height:calc(20 / 12);}/*!sc*/ .jOdgLl[data-size="small"] [data-component=ButtonCounter]{font-size:12px;}/*!sc*/ .jOdgLl[data-size="small"] [data-component="buttonContent"] > :not(:last-child){margin-right:4px;}/*!sc*/ .jOdgLl[data-size="small"][data-component=IconButton]{width:28px;padding:unset;}/*!sc*/ .jOdgLl[data-size="large"]{padding:0 16px;height:40px;gap:8px;}/*!sc*/ .jOdgLl[data-size="large"] [data-component="buttonContent"] > :not(:last-child){margin-right:8px;}/*!sc*/ .jOdgLl[data-size="large"][data-component=IconButton]{width:40px;padding:unset;}/*!sc*/ .jOdgLl[data-block="block"]{width:100%;}/*!sc*/ .jOdgLl[data-label-wrap="true"]{min-width:-webkit-fit-content;min-width:-moz-fit-content;min-width:fit-content;height:unset;min-height:var(--control-medium-size,2rem);}/*!sc*/ .jOdgLl[data-label-wrap="true"] [data-component="buttonContent"]{-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;-webkit-align-self:stretch;-ms-flex-item-align:stretch;align-self:stretch;padding-block:calc(var(--control-medium-paddingBlock,0.375rem) - 2px);}/*!sc*/ .jOdgLl[data-label-wrap="true"] [data-component="text"]{white-space:unset;word-break:break-word;}/*!sc*/ .jOdgLl[data-label-wrap="true"][data-size="small"]{height:unset;min-height:var(--control-small-size,1.75rem);}/*!sc*/ .jOdgLl[data-label-wrap="true"][data-size="small"] [data-component="buttonContent"]{padding-block:calc(var(--control-small-paddingBlock,0.25rem) - 2px);}/*!sc*/ .jOdgLl[data-label-wrap="true"][data-size="large"]{height:unset;min-height:var(--control-large-size,2.5rem);padding-inline:var(--control-large-paddingInline-spacious,1rem);}/*!sc*/ .jOdgLl[data-label-wrap="true"][data-size="large"] [data-component="buttonContent"]{padding-block:calc(var(--control-large-paddingBlock,0.625rem) - 2px);}/*!sc*/ .jOdgLl[data-inactive]:not([disabled]){background-color:var(--button-inactive-bgColor,var(--button-inactive-bgColor-rest,var(--color-btn-inactive-bg,#eaeef2)));border-color:var(--button-inactive-bgColor,var(--button-inactive-bgColor-rest,var(--color-btn-inactive-bg,#eaeef2)));color:var(--button-inactive-fgColor,var(--button-inactive-fgColor-rest,var(--color-btn-inactive-text,#57606a)));}/*!sc*/ .jOdgLl[data-inactive]:not([disabled]):focus-visible{box-shadow:none;}/*!sc*/ .jOdgLl [data-component="leadingVisual"]{grid-area:leadingVisual;}/*!sc*/ .jOdgLl [data-component="text"]{grid-area:text;line-height:calc(20/14);white-space:nowrap;}/*!sc*/ .jOdgLl [data-component="trailingVisual"]{grid-area:trailingVisual;}/*!sc*/ .jOdgLl [data-component="trailingAction"]{margin-right:-4px;}/*!sc*/ .jOdgLl [data-component="buttonContent"]{-webkit-flex:1 0 auto;-ms-flex:1 0 auto;flex:1 0 auto;display:grid;grid-template-areas:"leadingVisual text trailingVisual";grid-template-columns:min-content minmax(0,auto) min-content;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-content:center;-ms-flex-line-pack:center;align-content:center;}/*!sc*/ .jOdgLl [data-component="buttonContent"] > :not(:last-child){margin-right:8px;}/*!sc*/ .jOdgLl [data-component="loadingSpinner"]{grid-area:text;margin-right:0px !important;place-self:center;}/*!sc*/ .jOdgLl [data-component="loadingSpinner"] + [data-component="text"]{visibility:hidden;}/*!sc*/ .jOdgLl:hover:not([disabled]):not([data-inactive]){background-color:var(--button-default-bgColor-hover,var(--color-btn-hover-bg,#f3f4f6));border-color:var(--button-default-borderColor-hover,var(--button-default-borderColor-hover,var(--color-btn-hover-border,rgba(31,35,40,0.15))));}/*!sc*/ .jOdgLl:active:not([disabled]):not([data-inactive]){background-color:var(--button-default-bgColor-active,var(--color-btn-active-bg,hsla(220,14%,93%,1)));border-color:var(--button-default-borderColor-active,var(--button-default-borderColor-active,var(--color-btn-active-border,rgba(31,35,40,0.15))));}/*!sc*/ .jOdgLl[aria-expanded=true]{background-color:var(--button-default-bgColor-active,var(--color-btn-active-bg,hsla(220,14%,93%,1)));border-color:var(--button-default-borderColor-active,var(--button-default-borderColor-active,var(--color-btn-active-border,rgba(31,35,40,0.15))));}/*!sc*/ .jOdgLl [data-component="leadingVisual"],.jOdgLl [data-component="trailingVisual"],.jOdgLl [data-component="trailingAction"]{color:var(--button-color,var(--fgColor-muted,var(--color-fg-muted,#656d76)));}/*!sc*/ .jOdgLl[data-component="IconButton"][data-no-visuals]{color:var(--fgColor-muted,var(--color-fg-muted,#656d76));}/*!sc*/ .jOdgLl[data-no-visuals]{border-top-left-radius:unset;border-bottom-left-radius:unset;}/*!sc*/ .hmWbvh{border-radius:6px;border:1px solid;border-color:var(--button-default-borderColor-rest,var(--button-default-borderColor-rest,var(--color-btn-border,rgba(31,35,40,0.15))));font-family:inherit;font-weight:500;font-size:14px;cursor:pointer;-webkit-appearance:none;-moz-appearance:none;appearance:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-text-decoration:none;text-decoration:none;text-align:center;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:justify;-webkit-justify-content:space-between;-ms-flex-pack:justify;justify-content:space-between;height:32px;padding:0 12px;gap:8px;min-width:-webkit-max-content;min-width:-moz-max-content;min-width:max-content;-webkit-transition:80ms cubic-bezier(0.65,0,0.35,1);transition:80ms cubic-bezier(0.65,0,0.35,1);-webkit-transition-property:color,fill,background-color,border-color;transition-property:color,fill,background-color,border-color;color:var(--button-default-fgColor-rest,var(--color-btn-text,#24292f));background-color:var(--button-default-bgColor-rest,var(--color-btn-bg,#f6f8fa));box-shadow:var(--button-default-shadow-resting,var(--color-btn-shadow,0 1px 0 rgba(31,35,40,0.04))),var(--button-default-shadow-inset,var(--color-btn-inset-shadow,inset 0 1px 0 rgba(255,255,255,0.25)));}/*!sc*/ .hmWbvh:focus:not(:disabled){box-shadow:none;outline:2px solid var(--fgColor-accent,var(--color-accent-fg,#0969da));outline-offset:-2px;}/*!sc*/ .hmWbvh:focus:not(:disabled):not(:focus-visible){outline:solid 1px transparent;}/*!sc*/ .hmWbvh:focus-visible:not(:disabled){box-shadow:none;outline:2px solid var(--fgColor-accent,var(--color-accent-fg,#0969da));outline-offset:-2px;}/*!sc*/ .hmWbvh[href]{display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;}/*!sc*/ .hmWbvh[href]:hover{-webkit-text-decoration:none;text-decoration:none;}/*!sc*/ .hmWbvh:hover{-webkit-transition-duration:80ms;transition-duration:80ms;}/*!sc*/ .hmWbvh:active{-webkit-transition:none;transition:none;}/*!sc*/ .hmWbvh[data-inactive]{cursor:auto;}/*!sc*/ .hmWbvh:disabled{cursor:not-allowed;box-shadow:none;color:var(--fgColor-disabled,var(--color-primer-fg-disabled,#8c959f));border-color:var(--button-default-borderColor-disabled,var(--button-default-borderColor-rest,var(--color-btn-border,rgba(31,35,40,0.15))));background-color:var(--button-default-bgColor-disabled,var(--control-bgColor-disabled,var(--color-input-disabled-bg,rgba(175,184,193,0.2))));}/*!sc*/ .hmWbvh:disabled [data-component=ButtonCounter]{color:inherit;}/*!sc*/ @media (forced-colors:active){.hmWbvh:focus{outline:solid 1px transparent;}}/*!sc*/ .hmWbvh [data-component=ButtonCounter]{font-size:12px;background-color:var(--buttonCounter-default-bgColor-rest,var(--color-btn-counter-bg,rgba(31,35,40,0.08)));}/*!sc*/ .hmWbvh[data-component=IconButton]{display:inline-grid;padding:unset;place-content:center;width:32px;min-width:unset;}/*!sc*/ .hmWbvh[data-size="small"]{padding:0 8px;height:28px;gap:4px;font-size:12px;}/*!sc*/ .hmWbvh[data-size="small"] [data-component="text"]{line-height:calc(20 / 12);}/*!sc*/ .hmWbvh[data-size="small"] [data-component=ButtonCounter]{font-size:12px;}/*!sc*/ .hmWbvh[data-size="small"] [data-component="buttonContent"] > :not(:last-child){margin-right:4px;}/*!sc*/ .hmWbvh[data-size="small"][data-component=IconButton]{width:28px;padding:unset;}/*!sc*/ .hmWbvh[data-size="large"]{padding:0 16px;height:40px;gap:8px;}/*!sc*/ .hmWbvh[data-size="large"] [data-component="buttonContent"] > :not(:last-child){margin-right:8px;}/*!sc*/ .hmWbvh[data-size="large"][data-component=IconButton]{width:40px;padding:unset;}/*!sc*/ .hmWbvh[data-block="block"]{width:100%;}/*!sc*/ .hmWbvh[data-label-wrap="true"]{min-width:-webkit-fit-content;min-width:-moz-fit-content;min-width:fit-content;height:unset;min-height:var(--control-medium-size,2rem);}/*!sc*/ .hmWbvh[data-label-wrap="true"] [data-component="buttonContent"]{-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;-webkit-align-self:stretch;-ms-flex-item-align:stretch;align-self:stretch;padding-block:calc(var(--control-medium-paddingBlock,0.375rem) - 2px);}/*!sc*/ .hmWbvh[data-label-wrap="true"] [data-component="text"]{white-space:unset;word-break:break-word;}/*!sc*/ .hmWbvh[data-label-wrap="true"][data-size="small"]{height:unset;min-height:var(--control-small-size,1.75rem);}/*!sc*/ .hmWbvh[data-label-wrap="true"][data-size="small"] [data-component="buttonContent"]{padding-block:calc(var(--control-small-paddingBlock,0.25rem) - 2px);}/*!sc*/ .hmWbvh[data-label-wrap="true"][data-size="large"]{height:unset;min-height:var(--control-large-size,2.5rem);padding-inline:var(--control-large-paddingInline-spacious,1rem);}/*!sc*/ .hmWbvh[data-label-wrap="true"][data-size="large"] [data-component="buttonContent"]{padding-block:calc(var(--control-large-paddingBlock,0.625rem) - 2px);}/*!sc*/ .hmWbvh[data-inactive]:not([disabled]){background-color:var(--button-inactive-bgColor,var(--button-inactive-bgColor-rest,var(--color-btn-inactive-bg,#eaeef2)));border-color:var(--button-inactive-bgColor,var(--button-inactive-bgColor-rest,var(--color-btn-inactive-bg,#eaeef2)));color:var(--button-inactive-fgColor,var(--button-inactive-fgColor-rest,var(--color-btn-inactive-text,#57606a)));}/*!sc*/ .hmWbvh[data-inactive]:not([disabled]):focus-visible{box-shadow:none;}/*!sc*/ .hmWbvh [data-component="leadingVisual"]{grid-area:leadingVisual;}/*!sc*/ .hmWbvh [data-component="text"]{grid-area:text;line-height:calc(20/14);white-space:nowrap;}/*!sc*/ .hmWbvh [data-component="trailingVisual"]{grid-area:trailingVisual;}/*!sc*/ .hmWbvh [data-component="trailingAction"]{margin-right:-4px;}/*!sc*/ .hmWbvh [data-component="buttonContent"]{-webkit-flex:1 0 auto;-ms-flex:1 0 auto;flex:1 0 auto;display:grid;grid-template-areas:"leadingVisual text trailingVisual";grid-template-columns:min-content minmax(0,auto) min-content;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-content:center;-ms-flex-line-pack:center;align-content:center;}/*!sc*/ .hmWbvh [data-component="buttonContent"] > :not(:last-child){margin-right:8px;}/*!sc*/ .hmWbvh [data-component="loadingSpinner"]{grid-area:text;margin-right:0px !important;place-self:center;}/*!sc*/ .hmWbvh [data-component="loadingSpinner"] + [data-component="text"]{visibility:hidden;}/*!sc*/ .hmWbvh:hover:not([disabled]):not([data-inactive]){background-color:var(--button-default-bgColor-hover,var(--color-btn-hover-bg,#f3f4f6));border-color:var(--button-default-borderColor-hover,var(--button-default-borderColor-hover,var(--color-btn-hover-border,rgba(31,35,40,0.15))));}/*!sc*/ .hmWbvh:active:not([disabled]):not([data-inactive]){background-color:var(--button-default-bgColor-active,var(--color-btn-active-bg,hsla(220,14%,93%,1)));border-color:var(--button-default-borderColor-active,var(--button-default-borderColor-active,var(--color-btn-active-border,rgba(31,35,40,0.15))));}/*!sc*/ .hmWbvh[aria-expanded=true]{background-color:var(--button-default-bgColor-active,var(--color-btn-active-bg,hsla(220,14%,93%,1)));border-color:var(--button-default-borderColor-active,var(--button-default-borderColor-active,var(--color-btn-active-border,rgba(31,35,40,0.15))));}/*!sc*/ .hmWbvh [data-component="leadingVisual"],.hmWbvh [data-component="trailingVisual"],.hmWbvh [data-component="trailingAction"]{color:var(--button-color,var(--fgColor-muted,var(--color-fg-muted,#656d76)));}/*!sc*/ .hmWbvh[data-component="IconButton"][data-no-visuals]{color:var(--fgColor-muted,var(--color-fg-muted,#656d76));}/*!sc*/ .lkeyoI{border-radius:6px;border:1px solid;border-color:var(--button-default-borderColor-rest,var(--button-default-borderColor-rest,var(--color-btn-border,rgba(31,35,40,0.15))));font-family:inherit;font-weight:500;font-size:14px;cursor:pointer;-webkit-appearance:none;-moz-appearance:none;appearance:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-text-decoration:none;text-decoration:none;text-align:center;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:justify;-webkit-justify-content:space-between;-ms-flex-pack:justify;justify-content:space-between;height:32px;padding:0 12px;gap:8px;min-width:-webkit-max-content;min-width:-moz-max-content;min-width:max-content;-webkit-transition:80ms cubic-bezier(0.65,0,0.35,1);transition:80ms cubic-bezier(0.65,0,0.35,1);-webkit-transition-property:color,fill,background-color,border-color;transition-property:color,fill,background-color,border-color;color:var(--button-default-fgColor-rest,var(--color-btn-text,#24292f));background-color:var(--button-default-bgColor-rest,var(--color-btn-bg,#f6f8fa));box-shadow:var(--button-default-shadow-resting,var(--color-btn-shadow,0 1px 0 rgba(31,35,40,0.04))),var(--button-default-shadow-inset,var(--color-btn-inset-shadow,inset 0 1px 0 rgba(255,255,255,0.25)));}/*!sc*/ .lkeyoI:focus:not(:disabled){box-shadow:none;outline:2px solid var(--fgColor-accent,var(--color-accent-fg,#0969da));outline-offset:-2px;}/*!sc*/ .lkeyoI:focus:not(:disabled):not(:focus-visible){outline:solid 1px transparent;}/*!sc*/ .lkeyoI:focus-visible:not(:disabled){box-shadow:none;outline:2px solid var(--fgColor-accent,var(--color-accent-fg,#0969da));outline-offset:-2px;}/*!sc*/ .lkeyoI[href]{display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;}/*!sc*/ .lkeyoI[href]:hover{-webkit-text-decoration:none;text-decoration:none;}/*!sc*/ .lkeyoI:hover{-webkit-transition-duration:80ms;transition-duration:80ms;}/*!sc*/ .lkeyoI:active{-webkit-transition:none;transition:none;}/*!sc*/ .lkeyoI[data-inactive]{cursor:auto;}/*!sc*/ .lkeyoI:disabled{cursor:not-allowed;box-shadow:none;color:var(--fgColor-disabled,var(--color-primer-fg-disabled,#8c959f));border-color:var(--button-default-borderColor-disabled,var(--button-default-borderColor-rest,var(--color-btn-border,rgba(31,35,40,0.15))));background-color:var(--button-default-bgColor-disabled,var(--control-bgColor-disabled,var(--color-input-disabled-bg,rgba(175,184,193,0.2))));}/*!sc*/ .lkeyoI:disabled [data-component=ButtonCounter]{color:inherit;}/*!sc*/ @media (forced-colors:active){.lkeyoI:focus{outline:solid 1px transparent;}}/*!sc*/ .lkeyoI [data-component=ButtonCounter]{font-size:12px;background-color:var(--buttonCounter-default-bgColor-rest,var(--color-btn-counter-bg,rgba(31,35,40,0.08)));}/*!sc*/ .lkeyoI[data-component=IconButton]{display:inline-grid;padding:unset;place-content:center;width:32px;min-width:unset;}/*!sc*/ .lkeyoI[data-size="small"]{padding:0 8px;height:28px;gap:4px;font-size:12px;}/*!sc*/ .lkeyoI[data-size="small"] [data-component="text"]{line-height:calc(20 / 12);}/*!sc*/ .lkeyoI[data-size="small"] [data-component=ButtonCounter]{font-size:12px;}/*!sc*/ .lkeyoI[data-size="small"] [data-component="buttonContent"] > :not(:last-child){margin-right:4px;}/*!sc*/ .lkeyoI[data-size="small"][data-component=IconButton]{width:28px;padding:unset;}/*!sc*/ .lkeyoI[data-size="large"]{padding:0 16px;height:40px;gap:8px;}/*!sc*/ .lkeyoI[data-size="large"] [data-component="buttonContent"] > :not(:last-child){margin-right:8px;}/*!sc*/ .lkeyoI[data-size="large"][data-component=IconButton]{width:40px;padding:unset;}/*!sc*/ .lkeyoI[data-block="block"]{width:100%;}/*!sc*/ .lkeyoI[data-label-wrap="true"]{min-width:-webkit-fit-content;min-width:-moz-fit-content;min-width:fit-content;height:unset;min-height:var(--control-medium-size,2rem);}/*!sc*/ .lkeyoI[data-label-wrap="true"] [data-component="buttonContent"]{-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;-webkit-align-self:stretch;-ms-flex-item-align:stretch;align-self:stretch;padding-block:calc(var(--control-medium-paddingBlock,0.375rem) - 2px);}/*!sc*/ .lkeyoI[data-label-wrap="true"] [data-component="text"]{white-space:unset;word-break:break-word;}/*!sc*/ .lkeyoI[data-label-wrap="true"][data-size="small"]{height:unset;min-height:var(--control-small-size,1.75rem);}/*!sc*/ .lkeyoI[data-label-wrap="true"][data-size="small"] [data-component="buttonContent"]{padding-block:calc(var(--control-small-paddingBlock,0.25rem) - 2px);}/*!sc*/ .lkeyoI[data-label-wrap="true"][data-size="large"]{height:unset;min-height:var(--control-large-size,2.5rem);padding-inline:var(--control-large-paddingInline-spacious,1rem);}/*!sc*/ .lkeyoI[data-label-wrap="true"][data-size="large"] [data-component="buttonContent"]{padding-block:calc(var(--control-large-paddingBlock,0.625rem) - 2px);}/*!sc*/ .lkeyoI[data-inactive]:not([disabled]){background-color:var(--button-inactive-bgColor,var(--button-inactive-bgColor-rest,var(--color-btn-inactive-bg,#eaeef2)));border-color:var(--button-inactive-bgColor,var(--button-inactive-bgColor-rest,var(--color-btn-inactive-bg,#eaeef2)));color:var(--button-inactive-fgColor,var(--button-inactive-fgColor-rest,var(--color-btn-inactive-text,#57606a)));}/*!sc*/ .lkeyoI[data-inactive]:not([disabled]):focus-visible{box-shadow:none;}/*!sc*/ .lkeyoI [data-component="leadingVisual"]{grid-area:leadingVisual;}/*!sc*/ .lkeyoI [data-component="text"]{grid-area:text;line-height:calc(20/14);white-space:nowrap;}/*!sc*/ .lkeyoI [data-component="trailingVisual"]{grid-area:trailingVisual;}/*!sc*/ .lkeyoI [data-component="trailingAction"]{margin-right:-4px;}/*!sc*/ .lkeyoI [data-component="buttonContent"]{-webkit-flex:1 0 auto;-ms-flex:1 0 auto;flex:1 0 auto;display:grid;grid-template-areas:"leadingVisual text trailingVisual";grid-template-columns:min-content minmax(0,auto) min-content;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-content:center;-ms-flex-line-pack:center;align-content:center;}/*!sc*/ .lkeyoI [data-component="buttonContent"] > :not(:last-child){margin-right:8px;}/*!sc*/ .lkeyoI [data-component="loadingSpinner"]{grid-area:text;margin-right:0px !important;place-self:center;}/*!sc*/ .lkeyoI [data-component="loadingSpinner"] + [data-component="text"]{visibility:hidden;}/*!sc*/ .lkeyoI:hover:not([disabled]):not([data-inactive]){background-color:var(--button-default-bgColor-hover,var(--color-btn-hover-bg,#f3f4f6));border-color:var(--button-default-borderColor-hover,var(--button-default-borderColor-hover,var(--color-btn-hover-border,rgba(31,35,40,0.15))));}/*!sc*/ .lkeyoI:active:not([disabled]):not([data-inactive]){background-color:var(--button-default-bgColor-active,var(--color-btn-active-bg,hsla(220,14%,93%,1)));border-color:var(--button-default-borderColor-active,var(--button-default-borderColor-active,var(--color-btn-active-border,rgba(31,35,40,0.15))));}/*!sc*/ .lkeyoI[aria-expanded=true]{background-color:var(--button-default-bgColor-active,var(--color-btn-active-bg,hsla(220,14%,93%,1)));border-color:var(--button-default-borderColor-active,var(--button-default-borderColor-active,var(--color-btn-active-border,rgba(31,35,40,0.15))));}/*!sc*/ .lkeyoI [data-component="leadingVisual"],.lkeyoI [data-component="trailingVisual"],.lkeyoI [data-component="trailingAction"]{color:var(--button-color,var(--fgColor-muted,var(--color-fg-muted,#656d76)));}/*!sc*/ .lkeyoI[data-component="IconButton"][data-no-visuals]{color:var(--fgColor-muted,var(--color-fg-muted,#656d76));}/*!sc*/ .lkeyoI[data-no-visuals]{display:none;}/*!sc*/ .htZXvk{border-radius:6px;border:1px solid;border-color:var(--button-default-borderColor-rest,var(--button-default-borderColor-rest,var(--color-btn-border,rgba(31,35,40,0.15))));font-family:inherit;font-weight:500;font-size:14px;cursor:pointer;-webkit-appearance:none;-moz-appearance:none;appearance:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-text-decoration:none;text-decoration:none;text-align:center;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:justify;-webkit-justify-content:space-between;-ms-flex-pack:justify;justify-content:space-between;height:32px;padding:0 12px;gap:8px;min-width:-webkit-max-content;min-width:-moz-max-content;min-width:max-content;-webkit-transition:80ms cubic-bezier(0.65,0,0.35,1);transition:80ms cubic-bezier(0.65,0,0.35,1);-webkit-transition-property:color,fill,background-color,border-color;transition-property:color,fill,background-color,border-color;color:var(--button-default-fgColor-rest,var(--color-btn-text,#24292f));background-color:var(--button-default-bgColor-rest,var(--color-btn-bg,#f6f8fa));box-shadow:var(--button-default-shadow-resting,var(--color-btn-shadow,0 1px 0 rgba(31,35,40,0.04))),var(--button-default-shadow-inset,var(--color-btn-inset-shadow,inset 0 1px 0 rgba(255,255,255,0.25)));}/*!sc*/ .htZXvk:focus:not(:disabled){box-shadow:none;outline:2px solid var(--fgColor-accent,var(--color-accent-fg,#0969da));outline-offset:-2px;}/*!sc*/ .htZXvk:focus:not(:disabled):not(:focus-visible){outline:solid 1px transparent;}/*!sc*/ .htZXvk:focus-visible:not(:disabled){box-shadow:none;outline:2px solid var(--fgColor-accent,var(--color-accent-fg,#0969da));outline-offset:-2px;}/*!sc*/ .htZXvk[href]{display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;}/*!sc*/ .htZXvk[href]:hover{-webkit-text-decoration:none;text-decoration:none;}/*!sc*/ .htZXvk:hover{-webkit-transition-duration:80ms;transition-duration:80ms;}/*!sc*/ .htZXvk:active{-webkit-transition:none;transition:none;}/*!sc*/ .htZXvk[data-inactive]{cursor:auto;}/*!sc*/ .htZXvk:disabled{cursor:not-allowed;box-shadow:none;color:var(--fgColor-disabled,var(--color-primer-fg-disabled,#8c959f));border-color:var(--button-default-borderColor-disabled,var(--button-default-borderColor-rest,var(--color-btn-border,rgba(31,35,40,0.15))));background-color:var(--button-default-bgColor-disabled,var(--control-bgColor-disabled,var(--color-input-disabled-bg,rgba(175,184,193,0.2))));}/*!sc*/ .htZXvk:disabled [data-component=ButtonCounter]{color:inherit;}/*!sc*/ @media (forced-colors:active){.htZXvk:focus{outline:solid 1px transparent;}}/*!sc*/ .htZXvk [data-component=ButtonCounter]{font-size:12px;background-color:var(--buttonCounter-default-bgColor-rest,var(--color-btn-counter-bg,rgba(31,35,40,0.08)));}/*!sc*/ .htZXvk[data-component=IconButton]{display:inline-grid;padding:unset;place-content:center;width:32px;min-width:unset;}/*!sc*/ .htZXvk[data-size="small"]{padding:0 8px;height:28px;gap:4px;font-size:12px;}/*!sc*/ .htZXvk[data-size="small"] [data-component="text"]{line-height:calc(20 / 12);}/*!sc*/ .htZXvk[data-size="small"] [data-component=ButtonCounter]{font-size:12px;}/*!sc*/ .htZXvk[data-size="small"] [data-component="buttonContent"] > :not(:last-child){margin-right:4px;}/*!sc*/ .htZXvk[data-size="small"][data-component=IconButton]{width:28px;padding:unset;}/*!sc*/ .htZXvk[data-size="large"]{padding:0 16px;height:40px;gap:8px;}/*!sc*/ .htZXvk[data-size="large"] [data-component="buttonContent"] > :not(:last-child){margin-right:8px;}/*!sc*/ .htZXvk[data-size="large"][data-component=IconButton]{width:40px;padding:unset;}/*!sc*/ .htZXvk[data-block="block"]{width:100%;}/*!sc*/ .htZXvk[data-label-wrap="true"]{min-width:-webkit-fit-content;min-width:-moz-fit-content;min-width:fit-content;height:unset;min-height:var(--control-medium-size,2rem);}/*!sc*/ .htZXvk[data-label-wrap="true"] [data-component="buttonContent"]{-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;-webkit-align-self:stretch;-ms-flex-item-align:stretch;align-self:stretch;padding-block:calc(var(--control-medium-paddingBlock,0.375rem) - 2px);}/*!sc*/ .htZXvk[data-label-wrap="true"] [data-component="text"]{white-space:unset;word-break:break-word;}/*!sc*/ .htZXvk[data-label-wrap="true"][data-size="small"]{height:unset;min-height:var(--control-small-size,1.75rem);}/*!sc*/ .htZXvk[data-label-wrap="true"][data-size="small"] [data-component="buttonContent"]{padding-block:calc(var(--control-small-paddingBlock,0.25rem) - 2px);}/*!sc*/ .htZXvk[data-label-wrap="true"][data-size="large"]{height:unset;min-height:var(--control-large-size,2.5rem);padding-inline:var(--control-large-paddingInline-spacious,1rem);}/*!sc*/ .htZXvk[data-label-wrap="true"][data-size="large"] [data-component="buttonContent"]{padding-block:calc(var(--control-large-paddingBlock,0.625rem) - 2px);}/*!sc*/ .htZXvk[data-inactive]:not([disabled]){background-color:var(--button-inactive-bgColor,var(--button-inactive-bgColor-rest,var(--color-btn-inactive-bg,#eaeef2)));border-color:var(--button-inactive-bgColor,var(--button-inactive-bgColor-rest,var(--color-btn-inactive-bg,#eaeef2)));color:var(--button-inactive-fgColor,var(--button-inactive-fgColor-rest,var(--color-btn-inactive-text,#57606a)));}/*!sc*/ .htZXvk[data-inactive]:not([disabled]):focus-visible{box-shadow:none;}/*!sc*/ .htZXvk [data-component="leadingVisual"]{grid-area:leadingVisual;}/*!sc*/ .htZXvk [data-component="text"]{grid-area:text;line-height:calc(20/14);white-space:nowrap;}/*!sc*/ .htZXvk [data-component="trailingVisual"]{grid-area:trailingVisual;}/*!sc*/ .htZXvk [data-component="trailingAction"]{margin-right:-4px;}/*!sc*/ .htZXvk [data-component="buttonContent"]{-webkit-flex:1 0 auto;-ms-flex:1 0 auto;flex:1 0 auto;display:grid;grid-template-areas:"leadingVisual text trailingVisual";grid-template-columns:min-content minmax(0,auto) min-content;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-content:center;-ms-flex-line-pack:center;align-content:center;}/*!sc*/ .htZXvk [data-component="buttonContent"] > :not(:last-child){margin-right:8px;}/*!sc*/ .htZXvk [data-component="loadingSpinner"]{grid-area:text;margin-right:0px !important;place-self:center;}/*!sc*/ .htZXvk [data-component="loadingSpinner"] + [data-component="text"]{visibility:hidden;}/*!sc*/ .htZXvk:hover:not([disabled]):not([data-inactive]){background-color:var(--button-default-bgColor-hover,var(--color-btn-hover-bg,#f3f4f6));border-color:var(--button-default-borderColor-hover,var(--button-default-borderColor-hover,var(--color-btn-hover-border,rgba(31,35,40,0.15))));}/*!sc*/ .htZXvk:active:not([disabled]):not([data-inactive]){background-color:var(--button-default-bgColor-active,var(--color-btn-active-bg,hsla(220,14%,93%,1)));border-color:var(--button-default-borderColor-active,var(--button-default-borderColor-active,var(--color-btn-active-border,rgba(31,35,40,0.15))));}/*!sc*/ .htZXvk[aria-expanded=true]{background-color:var(--button-default-bgColor-active,var(--color-btn-active-bg,hsla(220,14%,93%,1)));border-color:var(--button-default-borderColor-active,var(--button-default-borderColor-active,var(--color-btn-active-border,rgba(31,35,40,0.15))));}/*!sc*/ .htZXvk [data-component="leadingVisual"],.htZXvk [data-component="trailingVisual"],.htZXvk [data-component="trailingAction"]{color:var(--button-color,var(--fgColor-muted,var(--color-fg-muted,#656d76)));}/*!sc*/ .htZXvk[data-component="IconButton"][data-no-visuals]{color:var(--fgColor-muted,var(--color-fg-muted,#656d76));}/*!sc*/ .htZXvk[data-no-visuals]{margin-left:16px;}/*!sc*/ @media (min-width:768px){.htZXvk[data-no-visuals]{margin-left:0;}}/*!sc*/ @media (min-width:1012px){.htZXvk[data-no-visuals]{display:none;}}/*!sc*/ .jCopKa{border-radius:6px;border:1px solid;border-color:transparent;font-family:inherit;font-weight:500;font-size:14px;cursor:pointer;-webkit-appearance:none;-moz-appearance:none;appearance:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-text-decoration:none;text-decoration:none;text-align:center;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:justify;-webkit-justify-content:space-between;-ms-flex-pack:justify;justify-content:space-between;height:32px;padding:0 12px;gap:8px;min-width:-webkit-max-content;min-width:-moz-max-content;min-width:max-content;-webkit-transition:80ms cubic-bezier(0.65,0,0.35,1);transition:80ms cubic-bezier(0.65,0,0.35,1);-webkit-transition-property:color,fill,background-color,border-color;transition-property:color,fill,background-color,border-color;color:var(--button-default-fgColor-rest,var(--color-btn-text,#24292f));background-color:transparent;box-shadow:none;}/*!sc*/ .jCopKa:focus:not(:disabled){box-shadow:none;outline:2px solid var(--fgColor-accent,var(--color-accent-fg,#0969da));outline-offset:-2px;}/*!sc*/ .jCopKa:focus:not(:disabled):not(:focus-visible){outline:solid 1px transparent;}/*!sc*/ .jCopKa:focus-visible:not(:disabled){box-shadow:none;outline:2px solid var(--fgColor-accent,var(--color-accent-fg,#0969da));outline-offset:-2px;}/*!sc*/ .jCopKa[href]{display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;}/*!sc*/ .jCopKa[href]:hover{-webkit-text-decoration:none;text-decoration:none;}/*!sc*/ .jCopKa:hover{-webkit-transition-duration:80ms;transition-duration:80ms;}/*!sc*/ .jCopKa:active{-webkit-transition:none;transition:none;}/*!sc*/ .jCopKa[data-inactive]{cursor:auto;}/*!sc*/ .jCopKa:disabled{cursor:not-allowed;box-shadow:none;color:var(--fgColor-disabled,var(--color-primer-fg-disabled,#8c959f));}/*!sc*/ .jCopKa:disabled [data-component=ButtonCounter],.jCopKa:disabled [data-component="leadingVisual"],.jCopKa:disabled [data-component="trailingAction"]{color:inherit;}/*!sc*/ @media (forced-colors:active){.jCopKa:focus{outline:solid 1px transparent;}}/*!sc*/ .jCopKa [data-component=ButtonCounter]{font-size:12px;}/*!sc*/ .jCopKa[data-component=IconButton]{display:inline-grid;padding:unset;place-content:center;width:32px;min-width:unset;}/*!sc*/ .jCopKa[data-size="small"]{padding:0 8px;height:28px;gap:4px;font-size:12px;}/*!sc*/ .jCopKa[data-size="small"] [data-component="text"]{line-height:calc(20 / 12);}/*!sc*/ .jCopKa[data-size="small"] [data-component=ButtonCounter]{font-size:12px;}/*!sc*/ .jCopKa[data-size="small"] [data-component="buttonContent"] > :not(:last-child){margin-right:4px;}/*!sc*/ .jCopKa[data-size="small"][data-component=IconButton]{width:28px;padding:unset;}/*!sc*/ .jCopKa[data-size="large"]{padding:0 16px;height:40px;gap:8px;}/*!sc*/ .jCopKa[data-size="large"] [data-component="buttonContent"] > :not(:last-child){margin-right:8px;}/*!sc*/ .jCopKa[data-size="large"][data-component=IconButton]{width:40px;padding:unset;}/*!sc*/ .jCopKa[data-block="block"]{width:100%;}/*!sc*/ .jCopKa[data-label-wrap="true"]{min-width:-webkit-fit-content;min-width:-moz-fit-content;min-width:fit-content;height:unset;min-height:var(--control-medium-size,2rem);}/*!sc*/ .jCopKa[data-label-wrap="true"] [data-component="buttonContent"]{-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;-webkit-align-self:stretch;-ms-flex-item-align:stretch;align-self:stretch;padding-block:calc(var(--control-medium-paddingBlock,0.375rem) - 2px);}/*!sc*/ .jCopKa[data-label-wrap="true"] [data-component="text"]{white-space:unset;word-break:break-word;}/*!sc*/ .jCopKa[data-label-wrap="true"][data-size="small"]{height:unset;min-height:var(--control-small-size,1.75rem);}/*!sc*/ .jCopKa[data-label-wrap="true"][data-size="small"] [data-component="buttonContent"]{padding-block:calc(var(--control-small-paddingBlock,0.25rem) - 2px);}/*!sc*/ .jCopKa[data-label-wrap="true"][data-size="large"]{height:unset;min-height:var(--control-large-size,2.5rem);padding-inline:var(--control-large-paddingInline-spacious,1rem);}/*!sc*/ .jCopKa[data-label-wrap="true"][data-size="large"] [data-component="buttonContent"]{padding-block:calc(var(--control-large-paddingBlock,0.625rem) - 2px);}/*!sc*/ .jCopKa[data-inactive]:not([disabled]){background-color:var(--button-inactive-bgColor,var(--button-inactive-bgColor-rest,var(--color-btn-inactive-bg,#eaeef2)));border-color:var(--button-inactive-bgColor,var(--button-inactive-bgColor-rest,var(--color-btn-inactive-bg,#eaeef2)));color:var(--button-inactive-fgColor,var(--button-inactive-fgColor-rest,var(--color-btn-inactive-text,#57606a)));}/*!sc*/ .jCopKa[data-inactive]:not([disabled]):focus-visible{box-shadow:none;}/*!sc*/ .jCopKa [data-component="leadingVisual"]{grid-area:leadingVisual;color:var(--fgColor-muted,var(--color-fg-muted,#656d76));}/*!sc*/ .jCopKa [data-component="text"]{grid-area:text;line-height:calc(20/14);white-space:nowrap;}/*!sc*/ .jCopKa [data-component="trailingVisual"]{grid-area:trailingVisual;}/*!sc*/ .jCopKa [data-component="trailingAction"]{margin-right:-4px;color:var(--fgColor-muted,var(--color-fg-muted,#656d76));}/*!sc*/ .jCopKa [data-component="buttonContent"]{-webkit-flex:1 0 auto;-ms-flex:1 0 auto;flex:1 0 auto;display:grid;grid-template-areas:"leadingVisual text trailingVisual";grid-template-columns:min-content minmax(0,auto) min-content;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-content:center;-ms-flex-line-pack:center;align-content:center;}/*!sc*/ .jCopKa [data-component="buttonContent"] > :not(:last-child){margin-right:8px;}/*!sc*/ .jCopKa [data-component="loadingSpinner"]{grid-area:text;margin-right:0px !important;place-self:center;}/*!sc*/ .jCopKa [data-component="loadingSpinner"] + [data-component="text"]{visibility:hidden;}/*!sc*/ .jCopKa:hover:not([disabled]){background-color:var(--control-transparent-bgColor-hover,var(--color-action-list-item-default-hover-bg,rgba(208,215,222,0.32)));}/*!sc*/ .jCopKa:active:not([disabled]){background-color:var(--control-transparent-bgColor-active,var(--color-action-list-item-default-active-bg,rgba(208,215,222,0.48)));}/*!sc*/ .jCopKa[aria-expanded=true]{background-color:var(--control-transparent-bgColor-selected,var(--color-action-list-item-default-selected-bg,rgba(208,215,222,0.24)));}/*!sc*/ .jCopKa[data-component="IconButton"][data-no-visuals]{color:var(--fgColor-muted,var(--color-fg-muted,#656d76));}/*!sc*/ .jCopKa[data-no-visuals]{color:var(--fgColor-accent,var(--color-accent-fg,#0969da));}/*!sc*/ .jCopKa:has([data-component="ButtonCounter"]){color:var(--button-default-fgColor-rest,var(--color-btn-text,#24292f));}/*!sc*/ .jCopKa:disabled[data-no-visuals]{color:var(--fgColor-disabled,var(--color-primer-fg-disabled,#8c959f));}/*!sc*/ .jCopKa:disabled[data-no-visuals] [data-component=ButtonCounter]{color:inherit;}/*!sc*/ data-styled.g4[id="types__StyledButton-sc-ws60qy-0"]{content:"hXCKEr,jOdgLl,hmWbvh,lkeyoI,htZXvk,jCopKa,"}/*!sc*/ .eiGLpS{display:none;}/*!sc*/ .eiGLpS[popover]{position:absolute;padding:0.5em 0.75em;width:-webkit-max-content;width:-moz-max-content;width:max-content;margin:auto;-webkit-clip:auto;clip:auto;white-space:normal;font:normal normal 11px/1.5 -apple-system,BlinkMacSystemFont,"Segoe UI","Noto Sans",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";-webkit-font-smoothing:subpixel-antialiased;color:var(--fgColor-onEmphasis,var(--color-fg-on-emphasis,#ffffff));text-align:center;word-wrap:break-word;background:var(--bgColor-emphasis,var(--color-neutral-emphasis-plus,#24292f));border-radius:6px;border:0;opacity:0;max-width:250px;inset:auto;overflow:visible;}/*!sc*/ .eiGLpS[popover]:popover-open{display:block;}/*!sc*/ .eiGLpS[popover].\:popover-open{display:block;}/*!sc*/ @media (forced-colors:active){.eiGLpS{outline:1px solid transparent;}}/*!sc*/ .eiGLpS::after{position:absolute;display:block;right:0;left:0;height:var(--overlay-offset,0.25rem);content:'';}/*!sc*/ .eiGLpS[data-direction='n']::after,.eiGLpS[data-direction='ne']::after,.eiGLpS[data-direction='nw']::after{top:100%;}/*!sc*/ .eiGLpS[data-direction='s']::after,.eiGLpS[data-direction='se']::after,.eiGLpS[data-direction='sw']::after{bottom:100%;}/*!sc*/ .eiGLpS[data-direction='w']::after{position:absolute;display:block;height:100%;width:8px;content:'';bottom:0;left:100%;}/*!sc*/ .eiGLpS[data-direction='e']::after{position:absolute;display:block;height:100%;width:8px;content:'';bottom:0;right:100%;margin-left:-8px;}/*!sc*/ @-webkit-keyframes tooltip-appear{from{opacity:0;}to{opacity:1;}}/*!sc*/ @keyframes tooltip-appear{from{opacity:0;}to{opacity:1;}}/*!sc*/ .eiGLpS:popover-open,.eiGLpS:popover-open::before{-webkit-animation-name:tooltip-appear;animation-name:tooltip-appear;-webkit-animation-duration:0.1s;animation-duration:0.1s;-webkit-animation-fill-mode:forwards;animation-fill-mode:forwards;-webkit-animation-timing-function:ease-in;animation-timing-function:ease-in;-webkit-animation-delay:0s;animation-delay:0s;}/*!sc*/ .eiGLpS.\:popover-open,.eiGLpS.\:popover-open::before{-webkit-animation-name:tooltip-appear;animation-name:tooltip-appear;-webkit-animation-duration:0.1s;animation-duration:0.1s;-webkit-animation-fill-mode:forwards;animation-fill-mode:forwards;-webkit-animation-timing-function:ease-in;animation-timing-function:ease-in;-webkit-animation-delay:0s;animation-delay:0s;}/*!sc*/ data-styled.g8[id="Tooltip__StyledTooltip-sc-e45c7z-0"]{content:"eiGLpS,"}/*!sc*/ .daAEFx{-webkit-transform:rotate(0deg);-ms-transform:rotate(0deg);transform:rotate(0deg);}/*!sc*/ .gzcJGA{-webkit-transform:rotate(180deg);-ms-transform:rotate(180deg);transform:rotate(180deg);}/*!sc*/ data-styled.g11[id="Octicon-sc-9kayk9-0"]{content:"daAEFx,gzcJGA,"}/*!sc*/ .bebFBv{font-weight:600;font-size:32px;margin:0;font-size:14px;}/*!sc*/ @media (min-width:1012px) and (max-width:1400px){.bebFBv{margin-top:2rem;}}/*!sc*/ data-styled.g28[id="Heading__StyledHeading-sc-1c1dgg0-0"]{content:"bebFBv,"}/*!sc*/ .hgjakc{margin:0;padding-inline-start:0;padding-top:8px;padding-bottom:8px;}/*!sc*/ data-styled.g29[id="List__ListBox-sc-1x7olzq-0"]{content:"hgjakc,"}/*!sc*/ .itjSOb{position:relative;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;padding-left:8px;padding-right:8px;padding-top:6px;padding-bottom:6px;line-height:20px;min-height:5px;margin-left:8px;margin-right:8px;border-radius:6px;-webkit-transition:background 33.333ms linear;transition:background 33.333ms linear;color:var(--fgColor-default,var(--color-fg-default,#1F2328));cursor:pointer;-webkit-appearance:none;-moz-appearance:none;appearance:none;background:unset;border:unset;width:calc(100% - 16px);font-family:unset;text-align:unset;margin-top:unset;margin-bottom:unset;}/*!sc*/ .itjSOb[data-loading]{cursor:default;}/*!sc*/ .itjSOb[aria-disabled],.itjSOb[data-inactive]{cursor:not-allowed;}/*!sc*/ .itjSOb[aria-disabled] [data-component="ActionList.Checkbox"],.itjSOb[data-inactive] [data-component="ActionList.Checkbox"]{cursor:not-allowed;background-color:var(--color-input-disabled-bg,rgba(175,184,193,0.2));border-color:var(--color-input-disabled-bg,rgba(175,184,193,0.2));}/*!sc*/ @media (forced-colors:active){.itjSOb:focus,.itjSOb:focus-visible,.itjSOb > a.focus-visible{outline:solid 1px transparent !important;}}/*!sc*/ .itjSOb [data-component="ActionList.Item--DividerContainer"]{position:relative;}/*!sc*/ .itjSOb [data-component="ActionList.Item--DividerContainer"]::before{content:" ";display:block;position:absolute;width:100%;top:-7px;border:0 solid;border-top-width:0;border-color:var(--divider-color,transparent);}/*!sc*/ .itjSOb:not(:first-of-type){--divider-color:var(--borderColor-muted,var(--color-action-list-item-inline-divider,rgba(208,215,222,0.48)));}/*!sc*/ [data-component="ActionList.Divider"] + .Item__LiBox-sc-yeql7o-0{--divider-color:transparent !important;}/*!sc*/ .itjSOb:hover:not([aria-disabled]):not([data-inactive]):not([data-loading]),.itjSOb[data-focus-visible-added]:not([aria-disabled]):not([data-inactive]){--divider-color:transparent;}/*!sc*/ .itjSOb:hover:not([aria-disabled]):not([data-inactive]):not([data-loading]) + .Item__LiBox-sc-yeql7o-0,.itjSOb[data-focus-visible-added] + li{--divider-color:transparent;}/*!sc*/ @media (hover:hover) and (pointer:fine){.itjSOb:hover:not([aria-disabled]):not([data-inactive]){background-color:var(--control-transparent-bgColor-hover,var(--color-action-list-item-default-hover-bg,rgba(208,215,222,0.32)));color:var(--fgColor-default,var(--color-fg-default,#1F2328));box-shadow:inset 0 0 0 max(1px,0.0625rem) var(--control-transparent-borderColor-active,var(--color-action-list-item-default-active-border,transparent));}.itjSOb:focus-visible,.itjSOb > a.focus-visible,.itjSOb:focus.focus-visible{outline:none;border:2 solid;box-shadow:0 0 0 2px var(--bgColor-accent-emphasis,var(--color-accent-emphasis,#0969da));}.itjSOb:active:not([aria-disabled]):not([data-inactive]){background-color:var(--control-transparent-bgColor-active,var(--color-action-list-item-default-active-bg,rgba(208,215,222,0.48)));color:var(--fgColor-default,var(--color-fg-default,#1F2328));}}/*!sc*/ .lnYQME{position:relative;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;padding-left:0;padding-right:0;font-size:14px;padding-top:0;padding-bottom:0;line-height:20px;min-height:5px;margin-left:8px;margin-right:8px;border-radius:6px;-webkit-transition:background 33.333ms linear;transition:background 33.333ms linear;color:var(--fgColor-default,var(--color-fg-default,#1F2328));cursor:pointer;-webkit-appearance:none;-moz-appearance:none;appearance:none;background:unset;border:unset;width:calc(100% - 16px);font-family:unset;text-align:unset;margin-top:unset;margin-bottom:unset;}/*!sc*/ .lnYQME[data-loading]{cursor:default;}/*!sc*/ .lnYQME[aria-disabled],.lnYQME[data-inactive]{cursor:not-allowed;}/*!sc*/ .lnYQME[aria-disabled] [data-component="ActionList.Checkbox"],.lnYQME[data-inactive] [data-component="ActionList.Checkbox"]{cursor:not-allowed;background-color:var(--color-input-disabled-bg,rgba(175,184,193,0.2));border-color:var(--color-input-disabled-bg,rgba(175,184,193,0.2));}/*!sc*/ @media (forced-colors:active){.lnYQME:focus,.lnYQME:focus-visible,.lnYQME > a.focus-visible{outline:solid 1px transparent !important;}}/*!sc*/ .lnYQME [data-component="ActionList.Item--DividerContainer"]{position:relative;}/*!sc*/ .lnYQME [data-component="ActionList.Item--DividerContainer"]::before{content:" ";display:block;position:absolute;width:100%;top:-7px;border:0 solid;border-top-width:0;border-color:var(--divider-color,transparent);}/*!sc*/ .lnYQME:not(:first-of-type){--divider-color:var(--borderColor-muted,var(--color-action-list-item-inline-divider,rgba(208,215,222,0.48)));}/*!sc*/ [data-component="ActionList.Divider"] + .Item__LiBox-sc-yeql7o-0{--divider-color:transparent !important;}/*!sc*/ .lnYQME:hover:not([aria-disabled]):not([data-inactive]):not([data-loading]),.lnYQME[data-focus-visible-added]:not([aria-disabled]):not([data-inactive]){--divider-color:transparent;}/*!sc*/ .lnYQME:hover:not([aria-disabled]):not([data-inactive]):not([data-loading]) + .Item__LiBox-sc-yeql7o-0,.lnYQME[data-focus-visible-added] + li{--divider-color:transparent;}/*!sc*/ @media (hover:hover) and (pointer:fine){.lnYQME:hover:not([aria-disabled]):not([data-inactive]){background-color:var(--control-transparent-bgColor-hover,var(--color-action-list-item-default-hover-bg,rgba(208,215,222,0.32)));color:var(--fgColor-default,var(--color-fg-default,#1F2328));box-shadow:inset 0 0 0 max(1px,0.0625rem) var(--control-transparent-borderColor-active,var(--color-action-list-item-default-active-border,transparent));}.lnYQME:focus-visible,.lnYQME > a.focus-visible,.lnYQME:focus.focus-visible{outline:none;border:2 solid;box-shadow:0 0 0 2px var(--bgColor-accent-emphasis,var(--color-accent-emphasis,#0969da));}.lnYQME:active:not([aria-disabled]):not([data-inactive]){background-color:var(--control-transparent-bgColor-active,var(--color-action-list-item-default-active-bg,rgba(208,215,222,0.48)));color:var(--fgColor-default,var(--color-fg-default,#1F2328));}}/*!sc*/ .kXKjOF{position:relative;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;padding-left:16px;padding-right:8px;font-size:12px;padding-top:6px;padding-bottom:6px;line-height:20px;min-height:5px;margin-left:8px;margin-right:8px;border-radius:6px;-webkit-transition:background 33.333ms linear;transition:background 33.333ms linear;color:var(--fgColor-default,var(--color-fg-default,#1F2328));cursor:pointer;-webkit-appearance:none;-moz-appearance:none;appearance:none;background:unset;border:unset;width:calc(100% - 16px);font-family:unset;text-align:unset;margin-top:unset;margin-bottom:unset;}/*!sc*/ .kXKjOF[data-loading]{cursor:default;}/*!sc*/ .kXKjOF[aria-disabled],.kXKjOF[data-inactive]{cursor:not-allowed;}/*!sc*/ .kXKjOF[aria-disabled] [data-component="ActionList.Checkbox"],.kXKjOF[data-inactive] [data-component="ActionList.Checkbox"]{cursor:not-allowed;background-color:var(--color-input-disabled-bg,rgba(175,184,193,0.2));border-color:var(--color-input-disabled-bg,rgba(175,184,193,0.2));}/*!sc*/ @media (forced-colors:active){.kXKjOF:focus,.kXKjOF:focus-visible,.kXKjOF > a.focus-visible{outline:solid 1px transparent !important;}}/*!sc*/ .kXKjOF [data-component="ActionList.Item--DividerContainer"]{position:relative;}/*!sc*/ .kXKjOF [data-component="ActionList.Item--DividerContainer"]::before{content:" ";display:block;position:absolute;width:100%;top:-7px;border:0 solid;border-top-width:0;border-color:var(--divider-color,transparent);}/*!sc*/ .kXKjOF:not(:first-of-type){--divider-color:var(--borderColor-muted,var(--color-action-list-item-inline-divider,rgba(208,215,222,0.48)));}/*!sc*/ [data-component="ActionList.Divider"] + .Item__LiBox-sc-yeql7o-0{--divider-color:transparent !important;}/*!sc*/ .kXKjOF:hover:not([aria-disabled]):not([data-inactive]):not([data-loading]),.kXKjOF[data-focus-visible-added]:not([aria-disabled]):not([data-inactive]){--divider-color:transparent;}/*!sc*/ .kXKjOF:hover:not([aria-disabled]):not([data-inactive]):not([data-loading]) + .Item__LiBox-sc-yeql7o-0,.kXKjOF[data-focus-visible-added] + li{--divider-color:transparent;}/*!sc*/ @media (hover:hover) and (pointer:fine){.kXKjOF:hover:not([aria-disabled]):not([data-inactive]){background-color:var(--control-transparent-bgColor-hover,var(--color-action-list-item-default-hover-bg,rgba(208,215,222,0.32)));color:var(--fgColor-default,var(--color-fg-default,#1F2328));box-shadow:inset 0 0 0 max(1px,0.0625rem) var(--control-transparent-borderColor-active,var(--color-action-list-item-default-active-border,transparent));}.kXKjOF:focus-visible,.kXKjOF > a.focus-visible,.kXKjOF:focus.focus-visible{outline:none;border:2 solid;box-shadow:0 0 0 2px var(--bgColor-accent-emphasis,var(--color-accent-emphasis,#0969da));}.kXKjOF:active:not([aria-disabled]):not([data-inactive]){background-color:var(--control-transparent-bgColor-active,var(--color-action-list-item-default-active-bg,rgba(208,215,222,0.48)));color:var(--fgColor-default,var(--color-fg-default,#1F2328));}}/*!sc*/ .hTSEii{position:relative;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;padding-left:0;padding-right:0;font-size:14px;padding-top:0;padding-bottom:0;line-height:20px;min-height:5px;margin-left:8px;margin-right:8px;border-radius:6px;-webkit-transition:background 33.333ms linear;transition:background 33.333ms linear;color:var(--fgColor-default,var(--color-fg-default,#1F2328));cursor:pointer;-webkit-appearance:none;-moz-appearance:none;appearance:none;background:unset;border:unset;width:calc(100% - 16px);font-family:unset;text-align:unset;margin-top:unset;margin-bottom:unset;font-weight:600;background-color:var(--control-transparent-bgColor-selected,var(--color-action-list-item-default-selected-bg,rgba(208,215,222,0.24)));}/*!sc*/ .hTSEii[data-loading]{cursor:default;}/*!sc*/ .hTSEii[aria-disabled],.hTSEii[data-inactive]{cursor:not-allowed;}/*!sc*/ .hTSEii[aria-disabled] [data-component="ActionList.Checkbox"],.hTSEii[data-inactive] [data-component="ActionList.Checkbox"]{cursor:not-allowed;background-color:var(--color-input-disabled-bg,rgba(175,184,193,0.2));border-color:var(--color-input-disabled-bg,rgba(175,184,193,0.2));}/*!sc*/ @media (forced-colors:active){.hTSEii:focus,.hTSEii:focus-visible,.hTSEii > a.focus-visible{outline:solid 1px transparent !important;}}/*!sc*/ .hTSEii [data-component="ActionList.Item--DividerContainer"]{position:relative;}/*!sc*/ .hTSEii [data-component="ActionList.Item--DividerContainer"]::before{content:" ";display:block;position:absolute;width:100%;top:-7px;border:0 solid;border-top-width:0;border-color:var(--divider-color,transparent);}/*!sc*/ .hTSEii:not(:first-of-type){--divider-color:var(--borderColor-muted,var(--color-action-list-item-inline-divider,rgba(208,215,222,0.48)));}/*!sc*/ [data-component="ActionList.Divider"] + .Item__LiBox-sc-yeql7o-0{--divider-color:transparent !important;}/*!sc*/ .hTSEii:hover:not([aria-disabled]):not([data-inactive]):not([data-loading]),.hTSEii[data-focus-visible-added]:not([aria-disabled]):not([data-inactive]){--divider-color:transparent;}/*!sc*/ .hTSEii:hover:not([aria-disabled]):not([data-inactive]):not([data-loading]) + .Item__LiBox-sc-yeql7o-0,.hTSEii[data-focus-visible-added] + li{--divider-color:transparent;}/*!sc*/ .hTSEii::after{position:absolute;top:calc(50% - 12px);left:-8px;width:4px;height:24px;content:"";background-color:var(--fgColor-accent,var(--color-accent-fg,#0969da));border-radius:6px;}/*!sc*/ @media (hover:hover) and (pointer:fine){.hTSEii:hover:not([aria-disabled]):not([data-inactive]){background-color:var(--control-transparent-bgColor-hover,var(--color-action-list-item-default-hover-bg,rgba(208,215,222,0.32)));color:var(--fgColor-default,var(--color-fg-default,#1F2328));box-shadow:inset 0 0 0 max(1px,0.0625rem) var(--control-transparent-borderColor-active,var(--color-action-list-item-default-active-border,transparent));}.hTSEii:focus-visible,.hTSEii > a.focus-visible,.hTSEii:focus.focus-visible{outline:none;border:2 solid;box-shadow:0 0 0 2px var(--bgColor-accent-emphasis,var(--color-accent-emphasis,#0969da));}.hTSEii:active:not([aria-disabled]):not([data-inactive]){background-color:var(--control-transparent-bgColor-active,var(--color-action-list-item-default-active-bg,rgba(208,215,222,0.48)));color:var(--fgColor-default,var(--color-fg-default,#1F2328));}}/*!sc*/ data-styled.g31[id="Item__LiBox-sc-yeql7o-0"]{content:"itjSOb,lnYQME,kXKjOF,hTSEii,"}/*!sc*/ .fuIgwR{color:var(--fgColor-accent,var(--color-accent-fg,#0969da));-webkit-text-decoration:none;text-decoration:none;padding-left:16px;padding-right:8px;padding-top:6px;padding-bottom:6px;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;border-radius:6px;color:inherit;font-size:12px;font-weight:400;}/*!sc*/ [data-a11y-link-underlines='true'] .Link__StyledLink-sc-14289xe-0[data-inline='true']{-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ .fuIgwR:hover{-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ .fuIgwR:is(button){display:inline-block;padding:0;font-size:inherit;white-space:nowrap;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;background-color:transparent;border:0;-webkit-appearance:none;-moz-appearance:none;appearance:none;}/*!sc*/ .fuIgwR:hover{color:inherit;-webkit-text-decoration:none;text-decoration:none;}/*!sc*/ .dibTck{color:var(--fgColor-accent,var(--color-accent-fg,#0969da));-webkit-text-decoration:none;text-decoration:none;padding-left:24px;padding-right:8px;padding-top:6px;padding-bottom:6px;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;border-radius:6px;color:inherit;font-size:12px;font-weight:400;}/*!sc*/ [data-a11y-link-underlines='true'] .Link__StyledLink-sc-14289xe-0[data-inline='true']{-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ .dibTck:hover{-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ .dibTck:is(button){display:inline-block;padding:0;font-size:inherit;white-space:nowrap;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;background-color:transparent;border:0;-webkit-appearance:none;-moz-appearance:none;appearance:none;}/*!sc*/ .dibTck:hover{color:inherit;-webkit-text-decoration:none;text-decoration:none;}/*!sc*/ .cJbOew{color:var(--fgColor-accent,var(--color-accent-fg,#0969da));-webkit-text-decoration:none;text-decoration:none;padding-left:8px;padding-right:8px;padding-top:6px;padding-bottom:6px;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;border-radius:6px;color:inherit;}/*!sc*/ [data-a11y-link-underlines='true'] .Link__StyledLink-sc-14289xe-0[data-inline='true']{-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ .cJbOew:hover{-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ .cJbOew:is(button){display:inline-block;padding:0;font-size:inherit;white-space:nowrap;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;background-color:transparent;border:0;-webkit-appearance:none;-moz-appearance:none;appearance:none;}/*!sc*/ .cJbOew:hover{color:inherit;-webkit-text-decoration:none;text-decoration:none;}/*!sc*/ data-styled.g32[id="Link__StyledLink-sc-14289xe-0"]{content:"fuIgwR,dibTck,cJbOew,"}/*!sc*/ .cnCOhW{font-size:14px;line-height:20px;color:var(--fgColor-default,var(--color-fg-default,#1F2328));vertical-align:middle;background-color:var(--bgColor-default,var(--color-canvas-default,#ffffff));border:1px solid var(--control-borderColor-rest,var(--borderColor-default,var(--color-border-default,#d0d7de)));border-radius:6px;outline:none;box-shadow:var(--shadow-inset,var(--color-primer-shadow-inset,inset 0 1px 0 rgba(208,215,222,0.2)));display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;min-height:32px;overflow:hidden;width:100%;height:2rem;-webkit-transition:width 0.3s ease-in-out;transition:width 0.3s ease-in-out;border-bottom-right-radius:unset;border-top-right-radius:unset;border-right:none;min-width:15rem;}/*!sc*/ .cnCOhW input,.cnCOhW textarea{cursor:text;}/*!sc*/ .cnCOhW select{cursor:pointer;}/*!sc*/ .cnCOhW input::-webkit-input-placeholder,.cnCOhW textarea::-webkit-input-placeholder,.cnCOhW select::-webkit-input-placeholder{color:var(---control-fgColor-placeholder,var(--fgColor-muted,var(--color-fg-muted,#656d76)));}/*!sc*/ .cnCOhW input::-moz-placeholder,.cnCOhW textarea::-moz-placeholder,.cnCOhW select::-moz-placeholder{color:var(---control-fgColor-placeholder,var(--fgColor-muted,var(--color-fg-muted,#656d76)));}/*!sc*/ .cnCOhW input:-ms-input-placeholder,.cnCOhW textarea:-ms-input-placeholder,.cnCOhW select:-ms-input-placeholder{color:var(---control-fgColor-placeholder,var(--fgColor-muted,var(--color-fg-muted,#656d76)));}/*!sc*/ .cnCOhW input::placeholder,.cnCOhW textarea::placeholder,.cnCOhW select::placeholder{color:var(---control-fgColor-placeholder,var(--fgColor-muted,var(--color-fg-muted,#656d76)));}/*!sc*/ .cnCOhW:focus-within{border-color:var(--fgColor-accent,var(--color-accent-fg,#0969da));outline:2px solid var(--fgColor-accent,var(--color-accent-fg,#0969da));outline-offset:-1px;}/*!sc*/ .cnCOhW > textarea{padding:12px;}/*!sc*/ @media (min-width:768px){.cnCOhW{font-size:14px;}}/*!sc*/ data-styled.g34[id="TextInputWrapper__TextInputBaseWrapper-sc-1mqhpbi-0"]{content:"cnCOhW,"}/*!sc*/ .hmJNAM{background-repeat:no-repeat;background-position:right 8px center;padding-left:0;padding-right:0;width:100%;height:2rem;-webkit-transition:width 0.3s ease-in-out;transition:width 0.3s ease-in-out;border-bottom-right-radius:unset;border-top-right-radius:unset;border-right:none;min-width:15rem;}/*!sc*/ .hmJNAM > :not(:last-child){margin-right:8px;}/*!sc*/ .hmJNAM .TextInput-icon,.hmJNAM .TextInput-action{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;color:var(--fgColor-muted,var(--color-fg-muted,#656d76));-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;}/*!sc*/ .hmJNAM > input,.hmJNAM > select{padding-left:12px;padding-right:12px;}/*!sc*/ data-styled.g35[id="TextInputWrapper-sc-1mqhpbi-1"]{content:"hmJNAM,"}/*!sc*/ .jvumlb{border:0;font-size:inherit;font-family:inherit;background-color:transparent;-webkit-appearance:none;color:inherit;width:100%;}/*!sc*/ .jvumlb:focus{outline:0;}/*!sc*/ data-styled.g36[id="UnstyledTextInput-sc-14ypya-0"]{content:"jvumlb,"}/*!sc*/ </style></head><body><div id="__next"><a href="#main-content" class="visually-hidden skip-button color-bg-accent-emphasis color-fg-on-emphasis">Skip to main content</a><div data-container="header" class="border-bottom d-unset color-border-muted no-print z-3 color-bg-default Header_header__frpqb"><div data-container="notifications"></div><header class="color-bg-default p-2 position-sticky top-0 z-1 border-bottom" role="banner" aria-label="Main"><div class="d-flex flex-justify-between p-2 flex-items-center flex-wrap" data-testid="desktop-header"><div tabindex="-1" class="Header_logoWithClosedSearch__zhF6Q" id="github-logo"><a rel="" class="d-flex flex-items-center color-fg-default no-underline mr-3" href="/en"><svg aria-hidden="true" focusable="false" class="octicon octicon-mark-github" viewBox="0 0 24 24" width="32" height="32" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.5.75C6.146.75 1 5.896 1 12.25c0 5.089 3.292 9.387 7.863 10.91.575.101.79-.244.79-.546 0-.273-.014-1.178-.014-2.142-2.889.532-3.636-.704-3.866-1.35-.13-.331-.69-1.352-1.18-1.625-.402-.216-.977-.748-.014-.762.906-.014 1.553.834 1.769 1.179 1.035 1.74 2.688 1.25 3.349.948.1-.747.402-1.25.733-1.538-2.559-.287-5.232-1.279-5.232-5.678 0-1.25.445-2.285 1.178-3.09-.115-.288-.517-1.467.115-3.048 0 0 .963-.302 3.163 1.179.92-.259 1.897-.388 2.875-.388.977 0 1.955.13 2.875.388 2.2-1.495 3.162-1.179 3.162-1.179.633 1.581.23 2.76.115 3.048.733.805 1.179 1.825 1.179 3.09 0 4.413-2.688 5.39-5.247 5.678.417.36.776 1.05.776 2.128 0 1.538-.014 2.774-.014 3.162 0 .302.216.662.79.547C20.709 21.637 24 17.324 24 12.25 24 5.896 18.854.75 12.5.75Z"></path></svg><span class="h4 text-semibold ml-2 mr-3">GitHub Docs</span></a><div class="hide-sm border-left pl-3"><div data-testid="version-picker" class=""><button type="button" aria-label="Select GitHub product version: current version is free-pro-team@latest" class="types__StyledButton-sc-ws60qy-0 hXCKEr color-fg-default width-full p-1 pl-2 pr-2" aria-haspopup="true" aria-expanded="false" tabindex="0" data-loading="false" aria-describedby=":Ripn6:-loading-announcement" id=":Ripn6:"><span data-component="buttonContent" class="Box-sc-g0xbh4-0 cEhRXB"><span data-component="text"><span style="white-space:pre-wrap">Version: </span><span class="f5 color-fg-muted text-normal" data-testid="field">Free, Pro, &amp; Team</span></span></span><span data-component="trailingAction" class="Box-sc-g0xbh4-0 dmdEgz"><svg aria-hidden="true" focusable="false" class="octicon octicon-triangle-down" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="m4.427 7.427 3.396 3.396a.25.25 0 0 0 .354 0l3.396-3.396A.25.25 0 0 0 11.396 7H4.604a.25.25 0 0 0-.177.427Z"></path></svg></span></button></div></div></div><div class="d-flex flex-items-center"><div class="Header_searchContainerWithClosedSearch__h372b mr-3"><div data-testid="search"><div class="position-relative z-2"><form role="search" class="width-full d-flex"><meta name="viewport" content="width=device-width initial-scale=1"/><label class="text-normal width-full"><span class="visually-hidden" aria-describedby="Enter a search term to find it in the GitHub Docs.">Search GitHub Docs</span><span class="TextInputWrapper__TextInputBaseWrapper-sc-1mqhpbi-0 TextInputWrapper-sc-1mqhpbi-1 cnCOhW hmJNAM TextInput-wrapper" aria-busy="false"><input type="search" aria-required="true" data-testid="site-search-input" placeholder="Search GitHub Docs" autoComplete="off" autoCorrect="off" autoCapitalize="off" spellcheck="false" maxLength="512" aria-label="Search GitHub Docs" aria-describedby="Enter a search term to find it in the GitHub Docs." data-component="input" class="UnstyledTextInput-sc-14ypya-0 jvumlb" value=""/></span></label><button data-component="IconButton" type="submit" data-loading="false" data-no-visuals="true" aria-describedby=":Rucpn6:-loading-announcement" aria-labelledby=":R6cpn6:" class="types__StyledButton-sc-ws60qy-0 jOdgLl"><svg aria-hidden="true" focusable="false" class="octicon octicon-search" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M10.68 11.74a6 6 0 0 1-7.922-8.982 6 6 0 0 1 8.982 7.922l3.04 3.04a.749.749 0 0 1-.326 1.275.749.749 0 0 1-.734-.215ZM11.5 7a4.499 4.499 0 1 0-8.997 0A4.499 4.499 0 0 0 11.5 7Z"></path></svg></button><span data-direction="s" aria-hidden="true" id=":R6cpn6:" class="Tooltip__StyledTooltip-sc-e45c7z-0 eiGLpS">Search</span></form></div></div></div><div class="d-none d-lg-flex flex-items-center"><div data-testid="language-picker" class="d-flex"><button data-component="IconButton" type="button" aria-haspopup="true" aria-expanded="false" tabindex="0" data-loading="false" data-no-visuals="true" aria-describedby=":Rkpn6:-loading-announcement" aria-labelledby=":Rukpn6:" id=":Rkpn6:" class="types__StyledButton-sc-ws60qy-0 hmWbvh"><svg aria-hidden="true" focusable="false" class="octicon octicon-globe" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M8 0a8 8 0 1 1 0 16A8 8 0 0 1 8 0ZM5.78 8.75a9.64 9.64 0 0 0 1.363 4.177c.255.426.542.832.857 1.215.245-.296.551-.705.857-1.215A9.64 9.64 0 0 0 10.22 8.75Zm4.44-1.5a9.64 9.64 0 0 0-1.363-4.177c-.307-.51-.612-.919-.857-1.215a9.927 9.927 0 0 0-.857 1.215A9.64 9.64 0 0 0 5.78 7.25Zm-5.944 1.5H1.543a6.507 6.507 0 0 0 4.666 5.5c-.123-.181-.24-.365-.352-.552-.715-1.192-1.437-2.874-1.581-4.948Zm-2.733-1.5h2.733c.144-2.074.866-3.756 1.58-4.948.12-.197.237-.381.353-.552a6.507 6.507 0 0 0-4.666 5.5Zm10.181 1.5c-.144 2.074-.866 3.756-1.58 4.948-.12.197-.237.381-.353.552a6.507 6.507 0 0 0 4.666-5.5Zm2.733-1.5a6.507 6.507 0 0 0-4.666-5.5c.123.181.24.365.353.552.714 1.192 1.436 2.874 1.58 4.948Z"></path></svg></button><span data-direction="s" aria-hidden="true" id=":Rukpn6:" class="Tooltip__StyledTooltip-sc-e45c7z-0 eiGLpS">Select language: current language is English</span></div></div><button data-component="IconButton" type="button" class="types__StyledButton-sc-ws60qy-0 hmWbvh hide-lg hide-xl d-flex flex-items-center" data-testid="mobile-search-button" aria-expanded="false" data-loading="false" data-no-visuals="true" aria-describedby=":R74pn6:-loading-announcement" aria-labelledby=":R14pn6:"><svg aria-hidden="true" focusable="false" class="octicon octicon-search" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M10.68 11.74a6 6 0 0 1-7.922-8.982 6 6 0 0 1 8.982 7.922l3.04 3.04a.749.749 0 0 1-.326 1.275.749.749 0 0 1-.734-.215ZM11.5 7a4.499 4.499 0 1 0-8.997 0A4.499 4.499 0 0 0 11.5 7Z"></path></svg></button><span data-direction="s" aria-hidden="true" id=":R14pn6:" class="Tooltip__StyledTooltip-sc-e45c7z-0 eiGLpS">Open Search Bar</span><button data-component="IconButton" type="button" class="types__StyledButton-sc-ws60qy-0 lkeyoI px-3" data-testid="mobile-search-button" aria-expanded="false" data-loading="false" data-no-visuals="true" aria-describedby=":R7cpn6:-loading-announcement" aria-labelledby=":R1cpn6:"><svg aria-hidden="true" focusable="false" class="octicon octicon-x" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M3.72 3.72a.75.75 0 0 1 1.06 0L8 6.94l3.22-3.22a.749.749 0 0 1 1.275.326.749.749 0 0 1-.215.734L9.06 8l3.22 3.22a.749.749 0 0 1-.326 1.275.749.749 0 0 1-.734-.215L8 9.06l-3.22 3.22a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L6.94 8 3.72 4.78a.75.75 0 0 1 0-1.06Z"></path></svg></button><span data-direction="s" aria-hidden="true" id=":R1cpn6:" class="Tooltip__StyledTooltip-sc-e45c7z-0 eiGLpS">Close Search Bar</span><div><button data-component="IconButton" type="button" data-testid="mobile-menu" aria-haspopup="true" aria-expanded="false" tabindex="0" data-loading="false" data-no-visuals="true" aria-describedby=":R1kpn6:-loading-announcement" aria-labelledby=":Rvkpn6:" id=":R1kpn6:" class="types__StyledButton-sc-ws60qy-0 htZXvk"><svg aria-hidden="true" focusable="false" class="octicon octicon-kebab-horizontal" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M8 9a1.5 1.5 0 1 0 0-3 1.5 1.5 0 0 0 0 3ZM1.5 9a1.5 1.5 0 1 0 0-3 1.5 1.5 0 0 0 0 3Zm13 0a1.5 1.5 0 1 0 0-3 1.5 1.5 0 0 0 0 3Z"></path></svg></button><span data-direction="s" aria-hidden="true" id=":Rvkpn6:" class="Tooltip__StyledTooltip-sc-e45c7z-0 eiGLpS">Open Menu</span></div></div></div><div class="d-flex flex-items-center d-xxl-none mt-2" data-testid="header-subnav"><div class="mr-2" data-testid="header-subnav-hamburger"><button data-component="IconButton" type="button" data-testid="sidebar-hamburger" class="types__StyledButton-sc-ws60qy-0 jCopKa color-fg-muted" data-loading="false" data-no-visuals="true" aria-describedby=":R3b9n6:-loading-announcement" aria-labelledby=":Rb9n6:"><svg aria-hidden="true" focusable="false" class="octicon octicon-three-bars" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M1 2.75A.75.75 0 0 1 1.75 2h12.5a.75.75 0 0 1 0 1.5H1.75A.75.75 0 0 1 1 2.75Zm0 5A.75.75 0 0 1 1.75 7h12.5a.75.75 0 0 1 0 1.5H1.75A.75.75 0 0 1 1 7.75ZM1.75 12h12.5a.75.75 0 0 1 0 1.5H1.75a.75.75 0 0 1 0-1.5Z"></path></svg></button><span data-direction="s" aria-hidden="true" id=":Rb9n6:" class="Tooltip__StyledTooltip-sc-e45c7z-0 eiGLpS">Open Sidebar</span></div><div class="mr-auto width-full" data-search="breadcrumbs"><nav data-testid="breadcrumbs-header" class="f5 breadcrumbs Breadcrumbs_breadcrumbs__xAC4i" aria-label="Breadcrumb" data-container="breadcrumbs"><ul><li class="d-inline-block"><a rel="" data-testid="breadcrumb-link" title="Code security" class="Link--primary mr-2 color-fg-muted" href="/en/code-security">Code security</a><span class="color-fg-muted pr-2">/</span></li><li class="d-inline-block"><a rel="" data-testid="breadcrumb-link" title="Code scanning" class="Link--primary mr-2 color-fg-muted" href="/en/code-security/code-scanning">Code scanning</a><span class="color-fg-muted pr-2">/</span></li><li class="d-inline-block"><a rel="" data-testid="breadcrumb-link" title="Create advanced setup" class="Link--primary mr-2 color-fg-muted" href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning">Create advanced setup</a><span class="color-fg-muted pr-2">/</span></li><li class="d-inline-block"><a rel="" data-testid="breadcrumb-link" title="Customize advanced setup" class="Link--primary mr-2 color-fg-muted" href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning">Customize advanced setup</a></li></ul></nav></div></div></header></div><div class="d-lg-flex"><div data-container="nav" class="position-sticky d-none border-right d-xxl-block" style="width:326px;height:calc(100vh - 65px);top:65px"><nav aria-labelledby="allproducts-menu"><div class="d-none px-4 pb-3 border-bottom d-xxl-block"><div class="mt-3"><a rel="" class="f6 pl-2 pr-5 ml-n1 pb-1 Link--primary color-fg-default" href="/en"><svg aria-hidden="true" focusable="false" class="mr-1" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M7.78 12.53a.75.75 0 0 1-1.06 0L2.47 8.28a.75.75 0 0 1 0-1.06l4.25-4.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042L4.81 7h7.44a.75.75 0 0 1 0 1.5H4.81l2.97 2.97a.75.75 0 0 1 0 1.06Z"></path></svg>Home</a></div><div class="mt-3" id="allproducts-menu"><a rel="" data-testid="sidebar-product-xl" class="d-block pl-1 mb-2 h3 color-fg-default no-underline _product-title" href="/en/code-security">Code security</a></div></div><div class="border-right d-none d-xxl-block bg-primary overflow-y-auto flex-shrink-0" style="width:326px;height:calc(100vh - 175px);padding-bottom:185px"><div data-testid="sidebar" style="overflow-y:auto" class="pt-3"><div class="ml-3" data-testid="product-sidebar"><nav aria-label="Product sidebar" class="NavList__NavBox-sc-1c8ygf7-0"><ul class="List__ListBox-sc-1x7olzq-0 hgjakc"><li aria-labelledby=":R3b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R3b6n6:--label " id=":R3b6n6:" aria-expanded="false" aria-controls=":R3b6n6H1:" class="Item__LiBox-sc-yeql7o-0 itjSOb"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R3b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Getting started</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R3b6n6H1:" aria-labelledby=":R3b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rd3b6n6:--label " id=":Rd3b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 fuIgwR" href="/en/code-security/getting-started/github-security-features"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rd3b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">GitHub security features</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rl3b6n6:--label " id=":Rl3b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 fuIgwR" href="/en/code-security/getting-started/dependabot-quickstart-guide"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rl3b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Dependabot quickstart</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rt3b6n6:--label " id=":Rt3b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 fuIgwR" href="/en/code-security/getting-started/quickstart-for-securing-your-repository"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rt3b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Secure repository quickstart</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R153b6n6:--label " id=":R153b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 fuIgwR" href="/en/code-security/getting-started/adding-a-security-policy-to-your-repository"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R153b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Add a security policy</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1d3b6n6:--label " id=":R1d3b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 fuIgwR" href="/en/code-security/getting-started/auditing-security-alerts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1d3b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Audit security alerts</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1l3b6n6:--label " id=":R1l3b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 fuIgwR" href="/en/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1l3b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Prevent data leaks</span></div></a></li></ul></div></li><li aria-labelledby=":R5b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R5b6n6:--label " id=":R5b6n6:" aria-expanded="false" aria-controls=":R5b6n6H1:" class="Item__LiBox-sc-yeql7o-0 itjSOb"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Secure your organization</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R5b6n6H1:" aria-labelledby=":R5b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li aria-labelledby=":Rd5b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rd5b6n6:--label " id=":Rd5b6n6:" aria-expanded="false" aria-controls=":Rd5b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rd5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Introduction</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rd5b6n6H1:" aria-labelledby=":Rd5b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rqd5b6n6:--label " id=":Rqd5b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rqd5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">About organization security</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1ad5b6n6:--label " id=":R1ad5b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1ad5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Choose security configuration</span></div></a></li></ul></div></li><li aria-labelledby=":Rl5b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rl5b6n6:--label " id=":Rl5b6n6:" aria-expanded="false" aria-controls=":Rl5b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rl5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Enable security features</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rl5b6n6H1:" aria-labelledby=":Rl5b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rql5b6n6:--label " id=":Rql5b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rql5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Apply recommended configuration</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1al5b6n6:--label " id=":R1al5b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1al5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Create custom configuration</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1ql5b6n6:--label " id=":R1ql5b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1ql5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Apply custom configuration</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2al5b6n6:--label " id=":R2al5b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2al5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configure global settings</span></div></a></li></ul></div></li><li aria-labelledby=":Rt5b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rt5b6n6:--label " id=":Rt5b6n6:" aria-expanded="false" aria-controls=":Rt5b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rt5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Manage organization security</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rt5b6n6H1:" aria-labelledby=":Rt5b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rqt5b6n6:--label " id=":Rqt5b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rqt5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Interpret security data</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1at5b6n6:--label " id=":R1at5b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1at5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Filter repositories</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1qt5b6n6:--label " id=":R1qt5b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1qt5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Edit custom configuration</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2at5b6n6:--label " id=":R2at5b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2at5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Manage GHAS licenses</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2qt5b6n6:--label " id=":R2qt5b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/securing-your-organization/managing-the-security-of-your-organization/detaching-repositories-from-their-security-configurations"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2qt5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Detach security configuration</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3at5b6n6:--label " id=":R3at5b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/securing-your-organization/managing-the-security-of-your-organization/finding-repositories-with-attachment-failures"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3at5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Find attachment failures</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3qt5b6n6:--label " id=":R3qt5b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3qt5b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Delete custom configuration</span></div></a></li></ul></div></li><li aria-labelledby=":R155b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R155b6n6:--label " id=":R155b6n6:" aria-expanded="false" aria-controls=":R155b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R155b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Troubleshooting configurations</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R155b6n6H1:" aria-labelledby=":R155b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rr55b6n6:--label " id=":Rr55b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rr55b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Active advanced setup</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1b55b6n6:--label " id=":R1b55b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1b55b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Not enough GHAS licenses</span></div></a></li></ul></div></li></ul></div></li><li aria-labelledby=":R7b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R7b6n6:--label " id=":R7b6n6:" aria-expanded="false" aria-controls=":R7b6n6H1:" class="Item__LiBox-sc-yeql7o-0 itjSOb"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Secret scanning</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R7b6n6H1:" aria-labelledby=":R7b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li aria-labelledby=":Rd7b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rd7b6n6:--label " id=":Rd7b6n6:" aria-expanded="false" aria-controls=":Rd7b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rd7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Introduction</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rd7b6n6H1:" aria-labelledby=":Rd7b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1kd7b6n6:--label " id=":R1kd7b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/introduction/about-secret-scanning"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1kd7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Secret scanning</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2kd7b6n6:--label " id=":R2kd7b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/introduction/about-push-protection"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2kd7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Push protection</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3kd7b6n6:--label " id=":R3kd7b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/introduction/about-secret-scanning-for-partners"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3kd7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Secret scanning for partners</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R4kd7b6n6:--label " id=":R4kd7b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/introduction/supported-secret-scanning-patterns"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4kd7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Supported patterns</span></div></a></li></ul></div></li><li aria-labelledby=":Rl7b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rl7b6n6:--label " id=":Rl7b6n6:" aria-expanded="false" aria-controls=":Rl7b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rl7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Enable features</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rl7b6n6H1:" aria-labelledby=":Rl7b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1kl7b6n6:--label " id=":R1kl7b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1kl7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Enable secret scanning</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2kl7b6n6:--label " id=":R2kl7b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2kl7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Enable push protection</span></div></a></li></ul></div></li><li aria-labelledby=":Rt7b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rt7b6n6:--label " id=":Rt7b6n6:" aria-expanded="false" aria-controls=":Rt7b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rt7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Manage alerts</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rt7b6n6H1:" aria-labelledby=":Rt7b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1kt7b6n6:--label " id=":R1kt7b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1kt7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">About alerts</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2kt7b6n6:--label " id=":R2kt7b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2kt7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">View alerts</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3kt7b6n6:--label " id=":R3kt7b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3kt7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Evaluate alerts</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R4kt7b6n6:--label " id=":R4kt7b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4kt7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Resolve alerts</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R5kt7b6n6:--label " id=":R5kt7b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R5kt7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Monitor alerts</span></div></a></li></ul></div></li><li aria-labelledby=":R157b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R157b6n6:--label " id=":R157b6n6:" aria-expanded="false" aria-controls=":R157b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R157b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Work with secret scanning</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R157b6n6H1:" aria-labelledby=":R157b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1l57b6n6:--label " id=":R1l57b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1l57b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Push protection for users</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2l57b6n6:--label " id=":R2l57b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2l57b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Push protection on the command line</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3l57b6n6:--label " id=":R3l57b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3l57b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Push protection from the REST API</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R4l57b6n6:--label " id=":R4l57b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4l57b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Push protection in the GitHub UI</span></div></a></li></ul></div></li><li aria-labelledby=":R1d7b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R1d7b6n6:--label " id=":R1d7b6n6:" aria-expanded="false" aria-controls=":R1d7b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R1d7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Advanced features</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R1d7b6n6H1:" aria-labelledby=":R1d7b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1ld7b6n6:--label " id=":R1ld7b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1ld7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Exclude folders and files</span></div></a></li></ul></div></li><li aria-labelledby=":R1l7b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R1l7b6n6:--label " id=":R1l7b6n6:" aria-expanded="false" aria-controls=":R1l7b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R1l7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Copilot secret scanning</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R1l7b6n6H1:" aria-labelledby=":R1l7b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1ll7b6n6:--label " id=":R1ll7b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1ll7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Generic secret detection</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2ll7b6n6:--label " id=":R2ll7b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-regex-generator"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2ll7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Generate regular expressions with AI</span></div></a></li></ul></div></li><li aria-labelledby=":R1t7b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R1t7b6n6:--label " id=":R1t7b6n6:" aria-expanded="false" aria-controls=":R1t7b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R1t7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Troubleshoot</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R1t7b6n6H1:" aria-labelledby=":R1t7b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1lt7b6n6:--label " id=":R1lt7b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1lt7b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Troubleshoot secret scanning</span></div></a></li></ul></div></li><li aria-labelledby=":R257b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R257b6n6:--label " id=":R257b6n6:" aria-expanded="false" aria-controls=":R257b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R257b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Partner program</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R257b6n6H1:" aria-labelledby=":R257b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1m57b6n6:--label " id=":R1m57b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1m57b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Partner program</span></div></a></li></ul></div></li></ul></div></li><li aria-labelledby=":R9b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R9b6n6:--label " id=":R9b6n6:" aria-expanded="true" aria-controls=":R9b6n6H1:" class="Item__LiBox-sc-yeql7o-0 itjSOb"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Code scanning</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 gzcJGA" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R9b6n6H1:" aria-labelledby=":R9b6n6:" class="Box-sc-g0xbh4-0 enEvIH"><li aria-labelledby=":Rd9b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rd9b6n6:--label " id=":Rd9b6n6:" aria-expanded="false" aria-controls=":Rd9b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rd9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Introduction</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rd9b6n6H1:" aria-labelledby=":Rd9b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1kd9b6n6:--label " id=":R1kd9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1kd9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">About code scanning</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2kd9b6n6:--label " id=":R2kd9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2kd9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">About CodeQL code scanning</span></div></a></li></ul></div></li><li aria-labelledby=":Rl9b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rl9b6n6:--label " id=":Rl9b6n6:" aria-expanded="false" aria-controls=":Rl9b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rl9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Enable code scanning</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rl9b6n6H1:" aria-labelledby=":Rl9b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1kl9b6n6:--label " id=":R1kl9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1kl9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configure code scanning</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2kl9b6n6:--label " id=":R2kl9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/enabling-code-scanning/evaluating-default-setup-for-code-scanning"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2kl9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Evaluate code scanning</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3kl9b6n6:--label " id=":R3kl9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3kl9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Code scanning at scale</span></div></a></li></ul></div></li><li aria-labelledby=":Rt9b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rt9b6n6:--label " id=":Rt9b6n6:" aria-expanded="true" aria-controls=":Rt9b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Create advanced setup</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 gzcJGA" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rt9b6n6H1:" aria-labelledby=":Rt9b6n6:" class="Box-sc-g0xbh4-0 enEvIH"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1kt9b6n6:--label " id=":R1kt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1kt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configure advanced setup</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 hTSEii"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2kt9b6n6:--label " id=":R2kt9b6n6:" aria-current="page" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2kt9b6n6:--label" class="Box-sc-g0xbh4-0 ivpQTm">Customize advanced setup</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3kt9b6n6:--label " id=":R3kt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3kt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">CodeQL for compiled languages</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R4kt9b6n6:--label " id=":R4kt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4kt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">CodeQL advanced setup at scale</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R5kt9b6n6:--label " id=":R5kt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R5kt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Hardware resources for CodeQL</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R6kt9b6n6:--label " id=":R6kt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/running-codeql-code-scanning-in-a-container"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R6kt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Code scanning in a container</span></div></a></li></ul></div></li><li aria-labelledby=":R159b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R159b6n6:--label " id=":R159b6n6:" aria-expanded="false" aria-controls=":R159b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R159b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Manage alerts</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R159b6n6H1:" aria-labelledby=":R159b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1l59b6n6:--label " id=":R1l59b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1l59b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">About code scanning alerts</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2l59b6n6:--label " id=":R2l59b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2l59b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Copilot Autofix for code scanning</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3l59b6n6:--label " id=":R3l59b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3l59b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Disable Copilot Autofix</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R4l59b6n6:--label " id=":R4l59b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4l59b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Assess alerts</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R5l59b6n6:--label " id=":R5l59b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R5l59b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Resolve alerts</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R6l59b6n6:--label " id=":R6l59b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R6l59b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Triage alerts in pull requests</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R7l59b6n6:--label " id=":R7l59b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R7l59b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Track alerts in issues</span></div></a></li></ul></div></li><li aria-labelledby=":R1d9b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R1d9b6n6:--label " id=":R1d9b6n6:" aria-expanded="false" aria-controls=":R1d9b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R1d9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Manage code scanning</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R1d9b6n6H1:" aria-labelledby=":R1d9b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1ld9b6n6:--label " id=":R1ld9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1ld9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Code scanning tool status</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2ld9b6n6:--label " id=":R2ld9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2ld9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Edit default setup</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3ld9b6n6:--label " id=":R3ld9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3ld9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Set merge protection</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R4ld9b6n6:--label " id=":R4ld9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4ld9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">CodeQL query suites</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R5ld9b6n6:--label " id=":R5ld9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R5ld9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configure larger runners</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R6ld9b6n6:--label " id=":R6ld9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/viewing-code-scanning-logs"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R6ld9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">View code scanning logs</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R7ld9b6n6:--label " id=":R7ld9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R7ld9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">C and C++ CodeQL queries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R8ld9b6n6:--label " id=":R8ld9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R8ld9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">C# CodeQL queries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R9ld9b6n6:--label " id=":R9ld9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R9ld9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Go CodeQL queries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rald9b6n6:--label " id=":Rald9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rald9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Java and Kotlin CodeQL queries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rbld9b6n6:--label " id=":Rbld9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rbld9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">JavaScript and TypeScript queries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rcld9b6n6:--label " id=":Rcld9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rcld9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Python CodeQL queries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rdld9b6n6:--label " id=":Rdld9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rdld9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Ruby CodeQL queries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Reld9b6n6:--label " id=":Reld9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Reld9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Swift CodeQL queries</span></div></a></li></ul></div></li><li aria-labelledby=":R1l9b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R1l9b6n6:--label " id=":R1l9b6n6:" aria-expanded="false" aria-controls=":R1l9b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R1l9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Integrate with code scanning</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R1l9b6n6H1:" aria-labelledby=":R1l9b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1ll9b6n6:--label " id=":R1ll9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1ll9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">About integration</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2ll9b6n6:--label " id=":R2ll9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2ll9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Using code scanning with your existing CI system</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3ll9b6n6:--label " id=":R3ll9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3ll9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Upload a SARIF file</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R4ll9b6n6:--label " id=":R4ll9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4ll9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">SARIF support</span></div></a></li></ul></div></li><li aria-labelledby=":R1t9b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R1t9b6n6:--label " id=":R1t9b6n6:" aria-expanded="false" aria-controls=":R1t9b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R1t9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Troubleshooting code scanning</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R1t9b6n6H1:" aria-labelledby=":R1t9b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1lt9b6n6:--label " id=":R1lt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/advanced-security-must-be-enabled"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1lt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Advanced Security must be enabled</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2lt9b6n6:--label " id=":R2lt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/alerts-in-generated-code"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2lt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Alerts in generated code</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3lt9b6n6:--label " id=":R3lt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/analysis-takes-too-long"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3lt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Analysis takes too long</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R4lt9b6n6:--label " id=":R4lt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4lt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Automatic build failed</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R5lt9b6n6:--label " id=":R5lt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/c-sharp-compiler-unexpectedly-failing"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R5lt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">C# compiler failing</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R6lt9b6n6:--label " id=":R6lt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/cannot-enable-codeql-in-a-private-repository"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R6lt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Cannot enable CodeQL in a private repository</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R7lt9b6n6:--label " id=":R7lt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/enabling-default-setup-takes-too-long"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R7lt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Enabling default setup takes too long</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R8lt9b6n6:--label " id=":R8lt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/extraction-errors-in-the-database"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R8lt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Extraction errors in the database</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R9lt9b6n6:--label " id=":R9lt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/fewer-lines-scanned-than-expected"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R9lt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Fewer lines scanned than expected</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Ralt9b6n6:--label " id=":Ralt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/logs-not-detailed-enough"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Ralt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Logs not detailed enough</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rblt9b6n6:--label " id=":Rblt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/no-source-code-seen-during-build"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rblt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">No source code seen during build</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rclt9b6n6:--label " id=":Rclt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/not-recognized"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rclt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Not recognized</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rdlt9b6n6:--label " id=":Rdlt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/out-of-disk-or-memory"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rdlt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Out of disk or memory</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Relt9b6n6:--label " id=":Relt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/resource-not-accessible"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Relt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Resource not accessible</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rflt9b6n6:--label " id=":Rflt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/results-different-than-expected"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rflt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Results different than expected</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rglt9b6n6:--label " id=":Rglt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/server-error"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rglt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Server error</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rhlt9b6n6:--label " id=":Rhlt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/some-languages-not-analyzed"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rhlt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Some languages not analyzed</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rilt9b6n6:--label " id=":Rilt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/two-codeql-workflows"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rilt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Two CodeQL workflows</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rjlt9b6n6:--label " id=":Rjlt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/unclear-what-triggered-a-workflow"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rjlt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Unclear what triggered a workflow</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rklt9b6n6:--label " id=":Rklt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/unnecessary-step-found"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rklt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Unnecessary step found</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rllt9b6n6:--label " id=":Rllt9b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-code-scanning/kotlin-detected-in-no-build"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rllt9b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Kotlin detected in no build</span></div></a></li></ul></div></li><li aria-labelledby=":R259b6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R259b6n6:--label " id=":R259b6n6:" aria-expanded="false" aria-controls=":R259b6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R259b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Troubleshooting SARIF uploads</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R259b6n6H1:" aria-labelledby=":R259b6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1m59b6n6:--label " id=":R1m59b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-sarif-uploads/ghas-required"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1m59b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">GitHub Advanced Security disabled</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2m59b6n6:--label " id=":R2m59b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-sarif-uploads/default-setup-enabled"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2m59b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Default setup is enabled</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3m59b6n6:--label " id=":R3m59b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-sarif-uploads/missing-token"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3m59b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">GitHub token missing</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R4m59b6n6:--label " id=":R4m59b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-sarif-uploads/sarif-invalid"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4m59b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">SARIF file invalid</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R5m59b6n6:--label " id=":R5m59b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-sarif-uploads/file-too-large"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R5m59b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Results file too large</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R6m59b6n6:--label " id=":R6m59b6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/code-scanning/troubleshooting-sarif-uploads/results-exceed-limit"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R6m59b6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Results exceed limits</span></div></a></li></ul></div></li></ul></div></li><li aria-labelledby=":Rbb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rbb6n6:--label " id=":Rbb6n6:" aria-expanded="false" aria-controls=":Rbb6n6H1:" class="Item__LiBox-sc-yeql7o-0 itjSOb"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">CodeQL CLI</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rbb6n6H1:" aria-labelledby=":Rbb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li aria-labelledby=":Rdbb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rdbb6n6:--label " id=":Rdbb6n6:" aria-expanded="false" aria-controls=":Rdbb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rdbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Getting started</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rdbb6n6H1:" aria-labelledby=":Rdbb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rddbb6n6:--label " id=":Rddbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rddbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">About the CodeQL CLI</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rldbb6n6:--label " id=":Rldbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/setting-up-the-codeql-cli"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rldbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Setting up the CodeQL CLI</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rtdbb6n6:--label " id=":Rtdbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rtdbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Preparing code for analysis</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R15dbb6n6:--label " id=":R15dbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R15dbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Analyzing code</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1ddbb6n6:--label " id=":R1ddbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1ddbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Uploading results to GitHub</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1ldbb6n6:--label " id=":R1ldbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1ldbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Customizing analysis</span></div></a></li></ul></div></li><li aria-labelledby=":Rlbb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rlbb6n6:--label " id=":Rlbb6n6:" aria-expanded="false" aria-controls=":Rlbb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rlbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Advanced functionality</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rlbb6n6H1:" aria-labelledby=":Rlbb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rdlbb6n6:--label " id=":Rdlbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/advanced-setup-of-the-codeql-cli"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rdlbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Advanced setup of the CodeQL CLI</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rllbb6n6:--label " id=":Rllbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/about-codeql-workspaces"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rllbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">About CodeQL workspaces</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rtlbb6n6:--label " id=":Rtlbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rtlbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Using custom queries with the CodeQL CLI</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R15lbb6n6:--label " id=":R15lbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R15lbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Creating CodeQL query suites</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1dlbb6n6:--label " id=":R1dlbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-custom-queries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1dlbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Testing custom queries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1llbb6n6:--label " id=":R1llbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-query-help-files"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1llbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Testing query help files</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1tlbb6n6:--label " id=":R1tlbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1tlbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Creating and working with CodeQL packs</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R25lbb6n6:--label " id=":R25lbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R25lbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Publishing and using CodeQL packs</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2dlbb6n6:--label " id=":R2dlbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/specifying-command-options-in-a-codeql-configuration-file"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2dlbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Specifying command options in a CodeQL configuration file</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2llbb6n6:--label " id=":R2llbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/query-reference-files"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2llbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Query reference files</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2tlbb6n6:--label " id=":R2tlbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/sarif-output"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2tlbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">CodeQL CLI SARIF output</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R35lbb6n6:--label " id=":R35lbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/csv-output"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R35lbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">CodeQL CLI CSV output</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3dlbb6n6:--label " id=":R3dlbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/extractor-options"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3dlbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Extractor options</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3llbb6n6:--label " id=":R3llbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/exit-codes"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3llbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Exit codes</span></div></a></li></ul></div></li><li aria-labelledby=":Rtbb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rtbb6n6:--label " id=":Rtbb6n6:" aria-expanded="false" aria-controls=":Rtbb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">CodeQL CLI manual</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rtbb6n6H1:" aria-labelledby=":Rtbb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rdtbb6n6:--label " id=":Rdtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/bqrs-decode"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rdtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">bqrs decode</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rltbb6n6:--label " id=":Rltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/bqrs-diff"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">bqrs diff</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rttbb6n6:--label " id=":Rttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/bqrs-hash"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">bqrs hash</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R15tbb6n6:--label " id=":R15tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/bqrs-info"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R15tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">bqrs info</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1dtbb6n6:--label " id=":R1dtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/bqrs-interpret"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1dtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">bqrs interpret</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1ltbb6n6:--label " id=":R1ltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-add-diagnostic"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1ltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database add-diagnostic</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1ttbb6n6:--label " id=":R1ttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-analyze"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1ttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database analyze</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R25tbb6n6:--label " id=":R25tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-bundle"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R25tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database bundle</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2dtbb6n6:--label " id=":R2dtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-cleanup"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2dtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database cleanup</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2ltbb6n6:--label " id=":R2ltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-create"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2ltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database create</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2ttbb6n6:--label " id=":R2ttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-export-diagnostics"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2ttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database export-diagnostics</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R35tbb6n6:--label " id=":R35tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-finalize"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R35tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database finalize</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3dtbb6n6:--label " id=":R3dtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-import"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3dtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database import</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3ltbb6n6:--label " id=":R3ltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-index-files"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3ltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database index-files</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3ttbb6n6:--label " id=":R3ttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-init"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3ttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database init</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R45tbb6n6:--label " id=":R45tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-interpret-results"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R45tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database interpret-results</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R4dtbb6n6:--label " id=":R4dtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-print-baseline"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4dtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database print-baseline</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R4ltbb6n6:--label " id=":R4ltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-run-queries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4ltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database run-queries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R4ttbb6n6:--label " id=":R4ttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-trace-command"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4ttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database trace-command</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R55tbb6n6:--label " id=":R55tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-unbundle"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R55tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database unbundle</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R5dtbb6n6:--label " id=":R5dtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/database-upgrade"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R5dtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">database upgrade</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R5ltbb6n6:--label " id=":R5ltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/dataset-check"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R5ltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">dataset check</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R5ttbb6n6:--label " id=":R5ttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/dataset-cleanup"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R5ttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">dataset cleanup</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R65tbb6n6:--label " id=":R65tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/dataset-import"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R65tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">dataset import</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R6dtbb6n6:--label " id=":R6dtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/dataset-measure"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R6dtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">dataset measure</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R6ltbb6n6:--label " id=":R6ltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/dataset-upgrade"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R6ltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">dataset upgrade</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R6ttbb6n6:--label " id=":R6ttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/diagnostic-add"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R6ttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">diagnostic add</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R75tbb6n6:--label " id=":R75tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/diagnostic-export"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R75tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">diagnostic export</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R7dtbb6n6:--label " id=":R7dtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/execute-cli-server"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R7dtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">execute cli-server</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R7ltbb6n6:--label " id=":R7ltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/execute-language-server"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R7ltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">execute language-server</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R7ttbb6n6:--label " id=":R7ttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/execute-queries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R7ttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">execute queries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R85tbb6n6:--label " id=":R85tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/execute-query-server"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R85tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">execute query-server</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R8dtbb6n6:--label " id=":R8dtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/execute-query-server2"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R8dtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">execute query-server2</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R8ltbb6n6:--label " id=":R8ltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/execute-upgrades"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R8ltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">execute upgrades</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R8ttbb6n6:--label " id=":R8ttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/generate-extensible-predicate-metadata"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R8ttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">generate extensible-predicate-metadata</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R95tbb6n6:--label " id=":R95tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/generate-log-summary"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R95tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">generate log-summary</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R9dtbb6n6:--label " id=":R9dtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/generate-query-help"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R9dtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">generate query-help</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R9ltbb6n6:--label " id=":R9ltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/github-merge-results"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R9ltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">github merge-results</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R9ttbb6n6:--label " id=":R9ttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/github-upload-results"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R9ttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">github upload-results</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Ra5tbb6n6:--label " id=":Ra5tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/pack-add"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Ra5tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">pack add</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Radtbb6n6:--label " id=":Radtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/pack-bundle"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Radtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">pack bundle</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Raltbb6n6:--label " id=":Raltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/pack-ci"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Raltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">pack ci</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rattbb6n6:--label " id=":Rattbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/pack-create"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rattbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">pack create</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rb5tbb6n6:--label " id=":Rb5tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/pack-download"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rb5tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">pack download</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rbdtbb6n6:--label " id=":Rbdtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/pack-init"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rbdtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">pack init</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rbltbb6n6:--label " id=":Rbltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/pack-install"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rbltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">pack install</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rbttbb6n6:--label " id=":Rbttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/pack-ls"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rbttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">pack ls</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rc5tbb6n6:--label " id=":Rc5tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/pack-packlist"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rc5tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">pack packlist</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rcdtbb6n6:--label " id=":Rcdtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/pack-publish"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rcdtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">pack publish</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rcltbb6n6:--label " id=":Rcltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/pack-resolve-dependencies"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rcltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">pack resolve-dependencies</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rcttbb6n6:--label " id=":Rcttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/pack-upgrade"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rcttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">pack upgrade</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rd5tbb6n6:--label " id=":Rd5tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/query-compile"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rd5tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">query compile</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rddtbb6n6:--label " id=":Rddtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/query-decompile"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rddtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">query decompile</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rdltbb6n6:--label " id=":Rdltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/query-format"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rdltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">query format</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rdttbb6n6:--label " id=":Rdttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/query-run"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rdttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">query run</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Re5tbb6n6:--label " id=":Re5tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-database"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Re5tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve database</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Redtbb6n6:--label " id=":Redtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-extensions"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Redtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve extensions</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Reltbb6n6:--label " id=":Reltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-extensions-by-pack"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Reltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve extensions-by-pack</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rettbb6n6:--label " id=":Rettbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-extractor"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rettbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve extractor</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rf5tbb6n6:--label " id=":Rf5tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-files"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rf5tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve files</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rfdtbb6n6:--label " id=":Rfdtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-languages"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rfdtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve languages</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rfltbb6n6:--label " id=":Rfltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-library-path"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rfltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve library-path</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rfttbb6n6:--label " id=":Rfttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-metadata"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rfttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve metadata</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rg5tbb6n6:--label " id=":Rg5tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-ml-models"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rg5tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve ml-models</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rgdtbb6n6:--label " id=":Rgdtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-packs"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rgdtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve packs</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rgltbb6n6:--label " id=":Rgltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-qlpacks"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rgltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve qlpacks</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rgttbb6n6:--label " id=":Rgttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-qlref"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rgttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve qlref</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rh5tbb6n6:--label " id=":Rh5tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-queries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rh5tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve queries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rhdtbb6n6:--label " id=":Rhdtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-ram"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rhdtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve ram</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rhltbb6n6:--label " id=":Rhltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-tests"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rhltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve tests</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rhttbb6n6:--label " id=":Rhttbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/resolve-upgrades"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rhttbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">resolve upgrades</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Ri5tbb6n6:--label " id=":Ri5tbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/test-accept"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Ri5tbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">test accept</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Ridtbb6n6:--label " id=":Ridtbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/test-extract"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Ridtbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">test extract</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Riltbb6n6:--label " id=":Riltbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/test-run"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Riltbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">test run</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rittbb6n6:--label " id=":Rittbb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-cli/codeql-cli-manual/version"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rittbb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">version</span></div></a></li></ul></div></li></ul></div></li><li aria-labelledby=":Rdb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rdb6n6:--label " id=":Rdb6n6:" aria-expanded="false" aria-controls=":Rdb6n6H1:" class="Item__LiBox-sc-yeql7o-0 itjSOb"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rdb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">CodeQL for VS Code</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rdb6n6H1:" aria-labelledby=":Rdb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li aria-labelledby=":Rddb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rddb6n6:--label " id=":Rddb6n6:" aria-expanded="false" aria-controls=":Rddb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rddb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Getting started</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rddb6n6H1:" aria-labelledby=":Rddb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rdddb6n6:--label " id=":Rdddb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/about-codeql-for-vs-code"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rdddb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">About the extension</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rlddb6n6:--label " id=":Rlddb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rlddb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Extension installation</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rtddb6n6:--label " id=":Rtddb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/managing-codeql-databases"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rtddb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Manage CodeQL databases</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R15ddb6n6:--label " id=":R15ddb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R15ddb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Run CodeQL queries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1dddb6n6:--label " id=":R1dddb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/exploring-data-flow-with-path-queries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1dddb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Explore data flow</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1lddb6n6:--label " id=":R1lddb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1lddb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Queries at scale</span></div></a></li></ul></div></li><li aria-labelledby=":Rldb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rldb6n6:--label " id=":Rldb6n6:" aria-expanded="false" aria-controls=":Rldb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rldb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Advanced functionality</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rldb6n6H1:" aria-labelledby=":Rldb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rdldb6n6:--label " id=":Rdldb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rdldb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">CodeQL model editor</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rlldb6n6:--label " id=":Rlldb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/creating-a-custom-query"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rlldb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Custom query creation</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rtldb6n6:--label " id=":Rtldb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/managing-codeql-packs"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rtldb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Manage CodeQL packs</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R15ldb6n6:--label " id=":R15ldb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R15ldb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Explore code structure</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1dldb6n6:--label " id=":R1dldb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/testing-codeql-queries-in-vs-code"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1dldb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Test CodeQL queries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1lldb6n6:--label " id=":R1lldb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/customizing-settings"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1lldb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Customize settings</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1tldb6n6:--label " id=":R1tldb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/setting-up-a-codeql-workspace"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1tldb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">CodeQL workspace setup</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R25ldb6n6:--label " id=":R25ldb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/configuring-access-to-the-codeql-cli"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R25ldb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">CodeQL CLI access</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2dldb6n6:--label " id=":R2dldb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/telemetry-in-codeql-for-visual-studio-code"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2dldb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Telemetry</span></div></a></li></ul></div></li><li aria-labelledby=":Rtdb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rtdb6n6:--label " id=":Rtdb6n6:" aria-expanded="false" aria-controls=":Rtdb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rtdb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Troubleshooting CodeQL for VS Code</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rtdb6n6H1:" aria-labelledby=":Rtdb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rdtdb6n6:--label " id=":Rdtdb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/accessing-logs"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rdtdb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Access logs</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rltdb6n6:--label " id=":Rltdb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/warning-problem-with-controller-repository"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rltdb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Problem with controller repository</span></div></a></li></ul></div></li></ul></div></li><li aria-labelledby=":Rfb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rfb6n6:--label " id=":Rfb6n6:" aria-expanded="false" aria-controls=":Rfb6n6H1:" class="Item__LiBox-sc-yeql7o-0 itjSOb"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Security advisories</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rfb6n6H1:" aria-labelledby=":Rfb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li aria-labelledby=":Rdfb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rdfb6n6:--label " id=":Rdfb6n6:" aria-expanded="false" aria-controls=":Rdfb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rdfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Global security advisories</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rdfb6n6H1:" aria-labelledby=":Rdfb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rddfb6n6:--label " id=":Rddfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rddfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">About the GitHub Advisory database</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rldfb6n6:--label " id=":Rldfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-global-security-advisories"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rldfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">About global security advisories</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rtdfb6n6:--label " id=":Rtdfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rtdfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Browse Advisory Database</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R15dfb6n6:--label " id=":R15dfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R15dfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Edit Advisory Database</span></div></a></li></ul></div></li><li aria-labelledby=":Rlfb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rlfb6n6:--label " id=":Rlfb6n6:" aria-expanded="false" aria-controls=":Rlfb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rlfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Repository security advisories</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rlfb6n6H1:" aria-labelledby=":Rlfb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rdlfb6n6:--label " id=":Rdlfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rdlfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">About repository security advisories</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rllfb6n6:--label " id=":Rllfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-repository-security-advisories/permission-levels-for-repository-security-advisories"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rllfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Permission levels</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rtlfb6n6:--label " id=":Rtlfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rtlfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configure for a repository</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R15lfb6n6:--label " id=":R15lfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R15lfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configure for an organization</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1dlfb6n6:--label " id=":R1dlfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1dlfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Create repository advisories</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1llfb6n6:--label " id=":R1llfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1llfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Edit repository advisories</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1tlfb6n6:--label " id=":R1tlfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1tlfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Evaluate repository security</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R25lfb6n6:--label " id=":R25lfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R25lfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Temporary private forks</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2dlfb6n6:--label " id=":R2dlfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2dlfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Publish repository advisories</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2llfb6n6:--label " id=":R2llfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-repository-security-advisories/adding-a-collaborator-to-a-repository-security-advisory"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2llfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Add collaborators</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2tlfb6n6:--label " id=":R2tlfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-repository-security-advisories/removing-a-collaborator-from-a-repository-security-advisory"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2tlfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Remove collaborators</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R35lfb6n6:--label " id=":R35lfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/working-with-repository-security-advisories/deleting-a-repository-security-advisory"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R35lfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Delete repository advisories</span></div></a></li></ul></div></li><li aria-labelledby=":Rtfb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rtfb6n6:--label " id=":Rtfb6n6:" aria-expanded="false" aria-controls=":Rtfb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rtfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Guidance on reporting and writing</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rtfb6n6H1:" aria-labelledby=":Rtfb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rdtfb6n6:--label " id=":Rdtfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rdtfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Coordinated disclosure</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rltfb6n6:--label " id=":Rltfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rltfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Best practices</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rttfb6n6:--label " id=":Rttfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rttfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Privately reporting</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R15tfb6n6:--label " id=":R15tfb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-privately-reported-security-vulnerabilities"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R15tfb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Manage vulnerability reports</span></div></a></li></ul></div></li></ul></div></li><li aria-labelledby=":Rhb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rhb6n6:--label " id=":Rhb6n6:" aria-expanded="false" aria-controls=":Rhb6n6H1:" class="Item__LiBox-sc-yeql7o-0 itjSOb"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Supply chain security</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rhb6n6H1:" aria-labelledby=":Rhb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li aria-labelledby=":Rdhb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rdhb6n6:--label " id=":Rdhb6n6:" aria-expanded="false" aria-controls=":Rdhb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rdhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Understand your supply chain</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rdhb6n6H1:" aria-labelledby=":Rdhb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rddhb6n6:--label " id=":Rddhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rddhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Supply chain security</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rldhb6n6:--label " id=":Rldhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rldhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Dependency graph</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rtdhb6n6:--label " id=":Rtdhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rtdhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Dependency graph ecosystem support</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R15dhb6n6:--label " id=":R15dhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R15dhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configure dependency graph</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1ddhb6n6:--label " id=":R1ddhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1ddhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Automatic dependency submission</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1ldhb6n6:--label " id=":R1ldhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1ldhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Export dependencies as SBOM</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1tdhb6n6:--label " id=":R1tdhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1tdhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Dependency submission API</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R25dhb6n6:--label " id=":R25dhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R25dhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Dependency review</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2ddhb6n6:--label " id=":R2ddhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2ddhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configure dependency review</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2ldhb6n6:--label " id=":R2ldhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2ldhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Customize dependency review</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2tdhb6n6:--label " id=":R2tdhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2tdhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Enforce dependency review</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R35dhb6n6:--label " id=":R35dhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R35dhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Explore dependencies</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3ddhb6n6:--label " id=":R3ddhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3ddhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Troubleshoot dependency graph</span></div></a></li></ul></div></li><li aria-labelledby=":Rlhb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rlhb6n6:--label " id=":Rlhb6n6:" aria-expanded="false" aria-controls=":Rlhb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rlhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">End-to-end supply chain</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rlhb6n6H1:" aria-labelledby=":Rlhb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rdlhb6n6:--label " id=":Rdlhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rdlhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Overview</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rllhb6n6:--label " id=":Rllhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rllhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Securing accounts</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rtlhb6n6:--label " id=":Rtlhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/end-to-end-supply-chain/securing-code"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rtlhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Securing code</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R15lhb6n6:--label " id=":R15lhb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/supply-chain-security/end-to-end-supply-chain/securing-builds"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R15lhb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Securing builds</span></div></a></li></ul></div></li></ul></div></li><li aria-labelledby=":Rjb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rjb6n6:--label " id=":Rjb6n6:" aria-expanded="false" aria-controls=":Rjb6n6H1:" class="Item__LiBox-sc-yeql7o-0 itjSOb"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rjb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Dependabot</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rjb6n6H1:" aria-labelledby=":Rjb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li aria-labelledby=":Rdjb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rdjb6n6:--label " id=":Rdjb6n6:" aria-expanded="false" aria-controls=":Rdjb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rdjb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Dependabot ecosystems</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rdjb6n6H1:" aria-labelledby=":Rdjb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rqdjb6n6:--label " id=":Rqdjb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rqdjb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Dependabot ecosystem support</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1adjb6n6:--label " id=":R1adjb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/ecosystems-supported-by-dependabot/optimizing-java-packages-dependabot"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1adjb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Optimize Java packages</span></div></a></li></ul></div></li><li aria-labelledby=":Rljb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rljb6n6:--label " id=":Rljb6n6:" aria-expanded="false" aria-controls=":Rljb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Dependabot alerts</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rljb6n6H1:" aria-labelledby=":Rljb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rqljb6n6:--label " id=":Rqljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rqljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Dependabot alerts</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1aljb6n6:--label " id=":R1aljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1aljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configure Dependabot alerts</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1qljb6n6:--label " id=":R1qljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1qljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">View Dependabot alerts</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2aljb6n6:--label " id=":R2aljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2aljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configure notifications</span></div></a></li></ul></div></li><li aria-labelledby=":Rtjb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rtjb6n6:--label " id=":Rtjb6n6:" aria-expanded="false" aria-controls=":Rtjb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rtjb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Dependabot auto-triage rules</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rtjb6n6H1:" aria-labelledby=":Rtjb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rqtjb6n6:--label " id=":Rqtjb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rqtjb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">About auto-triage rules</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1atjb6n6:--label " id=":R1atjb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1atjb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">GitHub preset rules</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1qtjb6n6:--label " id=":R1qtjb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1qtjb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Custom auto-triage rules</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2atjb6n6:--label " id=":R2atjb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/dependabot-auto-triage-rules/managing-automatically-dismissed-alerts"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2atjb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Manage auto-dismissed alerts</span></div></a></li></ul></div></li><li aria-labelledby=":R15jb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R15jb6n6:--label " id=":R15jb6n6:" aria-expanded="false" aria-controls=":R15jb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R15jb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Dependabot security updates</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R15jb6n6H1:" aria-labelledby=":R15jb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rr5jb6n6:--label " id=":Rr5jb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rr5jb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Dependabot security updates</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1b5jb6n6:--label " id=":R1b5jb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1b5jb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configure security updates</span></div></a></li></ul></div></li><li aria-labelledby=":R1djb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R1djb6n6:--label " id=":R1djb6n6:" aria-expanded="false" aria-controls=":R1djb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R1djb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Dependabot version updates</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R1djb6n6H1:" aria-labelledby=":R1djb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rrdjb6n6:--label " id=":Rrdjb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rrdjb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Dependabot version updates</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1bdjb6n6:--label " id=":R1bdjb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1bdjb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configure version updates</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1rdjb6n6:--label " id=":R1rdjb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1rdjb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">List configured dependencies</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2bdjb6n6:--label " id=":R2bdjb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2bdjb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Customize updates</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2rdjb6n6:--label " id=":R2rdjb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2rdjb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configure dependabot.yml</span></div></a></li></ul></div></li><li aria-labelledby=":R1ljb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":R1ljb6n6:--label " id=":R1ljb6n6:" aria-expanded="false" aria-controls=":R1ljb6n6H1:" class="Item__LiBox-sc-yeql7o-0 kXKjOF"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":R1ljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Work with Dependabot</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":R1ljb6n6H1:" aria-labelledby=":R1ljb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rrljb6n6:--label " id=":Rrljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rrljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Manage Dependabot PRs</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1bljb6n6:--label " id=":R1bljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1bljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">About Dependabot on Actions</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R1rljb6n6:--label " id=":R1rljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/working-with-dependabot/managing-dependabot-on-self-hosted-runners"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R1rljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Manage Dependabot on self-hosted runners</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2bljb6n6:--label " id=":R2bljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2bljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Use Dependabot with Actions</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R2rljb6n6:--label " id=":R2rljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R2rljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Auto-update actions</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3bljb6n6:--label " id=":R3bljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3bljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configure access to private registries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R3rljb6n6:--label " id=":R3rljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R3rljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Guidance for configuring private registries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R4bljb6n6:--label " id=":R4bljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/working-with-dependabot/removing-dependabot-access-to-public-registries"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4bljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Remove access to public registries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R4rljb6n6:--label " id=":R4rljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/working-with-dependabot/viewing-dependabot-job-logs"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4rljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Viewing Dependabot logs</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R5bljb6n6:--label " id=":R5bljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R5bljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Troubleshoot vulnerability detection</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R5rljb6n6:--label " id=":R5rljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R5rljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Troubleshoot errors</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":R6bljb6n6:--label " id=":R6bljb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 dibTck" href="/en/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-on-github-actions"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R6bljb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Troubleshoot Dependabot on Actions</span></div></a></li></ul></div></li></ul></div></li><li aria-labelledby=":Rlb6n6:" class="Box-sc-g0xbh4-0 Ywlla"><button tabindex="0" aria-labelledby=":Rlb6n6:--label " id=":Rlb6n6:" aria-expanded="false" aria-controls=":Rlb6n6H1:" class="Item__LiBox-sc-yeql7o-0 itjSOb"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><div class="Box-sc-g0xbh4-0 cUxMoC"><span id=":Rlb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">Security overview</span><span class="Box-sc-g0xbh4-0 lmYNOb"><svg aria-hidden="true" focusable="false" class="Octicon-sc-9kayk9-0 daAEFx" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></span></div></div></button><div><ul id=":Rlb6n6H1:" aria-labelledby=":Rlb6n6:" class="Box-sc-g0xbh4-0 gMkIpo"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a sx="[object Object]" tabindex="0" aria-labelledby=":Rdlb6n6:--label " id=":Rdlb6n6:" aria-current="false" class="Link__StyledLink-sc-14289xe-0 fuIgwR" href="/en/code-security/security-overview/about-security-overview"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":Rdlb6n6:--label" class="Box-sc-g0xbh4-0 bmseMA">About security overview</span></div></a></li></ul></div></li></ul></nav></div></div></div></nav></div><div class="flex-column flex-1 min-width-0"><main id="main-content" style="scroll-margin-top:5rem"><div class="container-xl px-3 px-md-6 my-4"><div class="d-none d-xxl-block mt-3 mr-auto width-full"><nav data-testid="breadcrumbs-in-article" class="f5 breadcrumbs Breadcrumbs_breadcrumbs__xAC4i" aria-label="Breadcrumb" data-container="breadcrumbs"><ul><li class="d-inline-block"><a rel="" data-testid="breadcrumb-link" title="Code security" class="Link--primary mr-2 color-fg-muted" href="/en/code-security">Code security</a><span class="color-fg-muted pr-2">/</span></li><li class="d-inline-block"><a rel="" data-testid="breadcrumb-link" title="Code scanning" class="Link--primary mr-2 color-fg-muted" href="/en/code-security/code-scanning">Code scanning</a><span class="color-fg-muted pr-2">/</span></li><li class="d-inline-block"><a rel="" data-testid="breadcrumb-link" title="Create advanced setup" class="Link--primary mr-2 color-fg-muted" href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning">Create advanced setup</a><span class="color-fg-muted pr-2">/</span></li><li class="d-inline-block"><a rel="" data-testid="breadcrumb-link" title="Customize advanced setup" class="Link--primary mr-2 color-fg-muted d-none" href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning">Customize advanced setup</a></li></ul></nav></div><div class="ArticleGridLayout_containerBox__lLLio"><div class="Box-sc-g0xbh4-0 eQiQea"><div class="d-flex flex-items-baseline flex-justify-between" data-container="title"><h1 id="title-h1" class="border-bottom-0">Customizing your advanced setup for code scanning</h1></div></div><div id="article-intro" class="Box-sc-g0xbh4-0 ijSsTo f4 pb-4"><div class="f2 color-fg-muted mb-3 Lead_container__m3L5f _page-intro" data-container="lead" data-testid="lead" data-search="lead"><p>You can customize how your advanced setup scans the code in your project for vulnerabilities and errors.</p></div><div class="Box-sc-g0xbh4-0 dMdwQg"><div data-search="hide" data-testid="permissions-callout"><div class="mb-3 d-inline-block"><h2 class="f4">Who can use this feature?</h2></div><div class="d-flex" data-testid="permissions-statement"><svg aria-hidden="true" focusable="false" class="mt-1" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M10.561 8.073a6.005 6.005 0 0 1 3.432 5.142.75.75 0 1 1-1.498.07 4.5 4.5 0 0 0-8.99 0 .75.75 0 0 1-1.498-.07 6.004 6.004 0 0 1 3.431-5.142 3.999 3.999 0 1 1 5.123 0ZM10.5 5a2.5 2.5 0 1 0-5 0 2.5 2.5 0 0 0 5 0Z"></path></svg><div class="pl-2"><p>Users with <strong>write</strong> access if <a href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning" _originalHref="/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning">advanced setup</a> is already enabled</p></div></div></div></div></div><div data-container="toc" class="Box-sc-g0xbh4-0 giVcWX ArticleGridLayout_sidebarBox__Cj_03 border-bottom border-lg-0 pb-4 mb-5 pb-xl-0 mb-xl-0"><h2 id="in-this-article" class="Heading__StyledHeading-sc-1c1dgg0-0 bebFBv mb-1 ml-3" aria-label="In this article">In this article</h2><nav data-testid="minitoc" class="NavList__NavBox-sc-1c8ygf7-0 Minitocs_miniToc__NaGol my-2" aria-labelledby="in-this-article"><ul class="List__ListBox-sc-1x7olzq-0 hgjakc"><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a tabindex="0" aria-labelledby=":R4dkteqn6:--label " id=":R4dkteqn6:" aria-current="false" href="#about-code-scanning-configuration" class="Link__StyledLink-sc-14289xe-0 cJbOew Minitocs_nested__JSAov"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4dkteqn6:--label" class="Box-sc-g0xbh4-0 bmseMA">About code scanning configuration</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a tabindex="0" aria-labelledby=":R4lkteqn6:--label " id=":R4lkteqn6:" aria-current="false" href="#editing-a-code-scanning-workflow" class="Link__StyledLink-sc-14289xe-0 cJbOew Minitocs_nested__JSAov"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4lkteqn6:--label" class="Box-sc-g0xbh4-0 bmseMA">Editing a code scanning workflow</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a tabindex="0" aria-labelledby=":R4tkteqn6:--label " id=":R4tkteqn6:" aria-current="false" href="#configuring-frequency" class="Link__StyledLink-sc-14289xe-0 cJbOew Minitocs_nested__JSAov"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R4tkteqn6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configuring frequency</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a tabindex="0" aria-labelledby=":R55kteqn6:--label " id=":R55kteqn6:" aria-current="false" href="#specifying-an-operating-system" class="Link__StyledLink-sc-14289xe-0 cJbOew Minitocs_nested__JSAov"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R55kteqn6:--label" class="Box-sc-g0xbh4-0 bmseMA">Specifying an operating system</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a tabindex="0" aria-labelledby=":R5dkteqn6:--label " id=":R5dkteqn6:" aria-current="false" href="#specifying-the-location-for-codeql-databases" class="Link__StyledLink-sc-14289xe-0 cJbOew Minitocs_nested__JSAov"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R5dkteqn6:--label" class="Box-sc-g0xbh4-0 bmseMA">Specifying the location for CodeQL databases</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a tabindex="0" aria-labelledby=":R5lkteqn6:--label " id=":R5lkteqn6:" aria-current="false" href="#changing-the-languages-that-are-analyzed" class="Link__StyledLink-sc-14289xe-0 cJbOew Minitocs_nested__JSAov"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R5lkteqn6:--label" class="Box-sc-g0xbh4-0 bmseMA">Changing the languages that are analyzed</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a tabindex="0" aria-labelledby=":R5tkteqn6:--label " id=":R5tkteqn6:" aria-current="false" href="#defining-the-alert-severities-that-cause-a-check-failure-for-a-pull-request" class="Link__StyledLink-sc-14289xe-0 cJbOew Minitocs_nested__JSAov"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R5tkteqn6:--label" class="Box-sc-g0xbh4-0 bmseMA">Defining the alert severities that cause a check failure for a pull request</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a tabindex="0" aria-labelledby=":R65kteqn6:--label " id=":R65kteqn6:" aria-current="false" href="#configuring-a-category-for-the-analysis" class="Link__StyledLink-sc-14289xe-0 cJbOew Minitocs_nested__JSAov"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R65kteqn6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configuring a category for the analysis</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a tabindex="0" aria-labelledby=":R6dkteqn6:--label " id=":R6dkteqn6:" aria-current="false" href="#extending-codeql-coverage-with-codeql-model-packs" class="Link__StyledLink-sc-14289xe-0 cJbOew Minitocs_nested__JSAov"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R6dkteqn6:--label" class="Box-sc-g0xbh4-0 bmseMA">Extending CodeQL coverage with CodeQL model packs</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a tabindex="0" aria-labelledby=":R6lkteqn6:--label " id=":R6lkteqn6:" aria-current="false" href="#running-additional-queries" class="Link__StyledLink-sc-14289xe-0 cJbOew Minitocs_nested__JSAov"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R6lkteqn6:--label" class="Box-sc-g0xbh4-0 bmseMA">Running additional queries</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a tabindex="0" aria-labelledby=":R6tkteqn6:--label " id=":R6tkteqn6:" aria-current="false" href="#using-a-custom-configuration-file" class="Link__StyledLink-sc-14289xe-0 cJbOew Minitocs_nested__JSAov"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R6tkteqn6:--label" class="Box-sc-g0xbh4-0 bmseMA">Using a custom configuration file</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a tabindex="0" aria-labelledby=":R75kteqn6:--label " id=":R75kteqn6:" aria-current="false" href="#specifying-configuration-details-using-the-config-input" class="Link__StyledLink-sc-14289xe-0 cJbOew Minitocs_nested__JSAov"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R75kteqn6:--label" class="Box-sc-g0xbh4-0 bmseMA">Specifying configuration details using the config input</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a tabindex="0" aria-labelledby=":R7dkteqn6:--label " id=":R7dkteqn6:" aria-current="false" href="#configuring-code-scanning-for-compiled-languages" class="Link__StyledLink-sc-14289xe-0 cJbOew Minitocs_nested__JSAov"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R7dkteqn6:--label" class="Box-sc-g0xbh4-0 bmseMA">Configuring code scanning for compiled languages</span></div></a></li><li class="Item__LiBox-sc-yeql7o-0 lnYQME"><a tabindex="0" aria-labelledby=":R7lkteqn6:--label " id=":R7lkteqn6:" aria-current="false" href="#uploading-code-scanning-data-to-github" class="Link__StyledLink-sc-14289xe-0 cJbOew Minitocs_nested__JSAov"><div data-component="ActionList.Item--DividerContainer" class="Box-sc-g0xbh4-0 hROlum"><span id=":R7lkteqn6:--label" class="Box-sc-g0xbh4-0 bmseMA">Uploading code scanning data to GitHub</span></div></a></li></ul></nav></div><div data-container="article" data-search="article-body" class="Box-sc-g0xbh4-0 kohLxz"><div id="article-contents"><div class="MarkdownContent_markdownBody__v5MYy markdown-body"><h2 id="about-code-scanning-configuration" tabindex="-1"><a class="heading-link" href="#about-code-scanning-configuration">About code scanning configuration<span class="heading-link-symbol" aria-hidden="true"></span></a></h2> <p>You can run code scanning on GitHub, using GitHub Actions, or from your continuous integration (CI) system. For more information, see "<a href="/en/actions/learn-github-actions" _originalHref="/actions/learn-github-actions">Writing workflows</a>" or "<a href="/en/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system" _originalHref="/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system">Using code scanning with your existing CI system</a>."</p> <p>With advanced setup for code scanning, you can customize a code scanning workflow for granular control over your configuration. For more information, see "<a href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning" _originalHref="/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning">Configuring advanced setup for code scanning</a>."</p> <p>CodeQL analysis is just one type of code scanning you can do in GitHub. GitHub Marketplace contains other code scanning workflows you can use. You can find a selection of these on the "Get started with code scanning" page, which you can access from the <strong><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-shield" aria-hidden="true"><path d="M7.467.133a1.748 1.748 0 0 1 1.066 0l5.25 1.68A1.75 1.75 0 0 1 15 3.48V7c0 1.566-.32 3.182-1.303 4.682-.983 1.498-2.585 2.813-5.032 3.855a1.697 1.697 0 0 1-1.33 0c-2.447-1.042-4.049-2.357-5.032-3.855C1.32 10.182 1 8.566 1 7V3.48a1.75 1.75 0 0 1 1.217-1.667Zm.61 1.429a.25.25 0 0 0-.153 0l-5.25 1.68a.25.25 0 0 0-.174.238V7c0 1.358.275 2.666 1.057 3.86.784 1.194 2.121 2.34 4.366 3.297a.196.196 0 0 0 .154 0c2.245-.956 3.582-2.104 4.366-3.298C13.225 9.666 13.5 8.36 13.5 7V3.48a.251.251 0 0 0-.174-.237l-5.25-1.68ZM8.75 4.75v3a.75.75 0 0 1-1.5 0v-3a.75.75 0 0 1 1.5 0ZM9 10.5a1 1 0 1 1-2 0 1 1 0 0 1 2 0Z"></path></svg> Security</strong> tab. The specific examples given in this article relate to the CodeQL analysis workflow file.</p> <h2 id="editing-a-code-scanning-workflow" tabindex="-1"><a class="heading-link" href="#editing-a-code-scanning-workflow">Editing a code scanning workflow<span class="heading-link-symbol" aria-hidden="true"></span></a></h2> <p>GitHub saves workflow files in the <em>.github/workflows</em> directory of your repository. You can find a workflow you have added by searching for its file name. For example, by default, the workflow file for CodeQL code scanning is called <em>codeql-analysis.yml</em>.</p> <ol> <li>In your repository, browse to the workflow file you want to edit.</li> <li>In the upper right corner of the file view, to open the workflow editor, click <svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-pencil" aria-label="Edit file" role="img"><path d="M11.013 1.427a1.75 1.75 0 0 1 2.474 0l1.086 1.086a1.75 1.75 0 0 1 0 2.474l-8.61 8.61c-.21.21-.47.364-.756.445l-3.251.93a.75.75 0 0 1-.927-.928l.929-3.25c.081-.286.235-.547.445-.758l8.61-8.61Zm.176 4.823L9.75 4.81l-6.286 6.287a.253.253 0 0 0-.064.108l-.558 1.953 1.953-.558a.253.253 0 0 0 .108-.064Zm1.238-3.763a.25.25 0 0 0-.354 0L10.811 3.75l1.439 1.44 1.263-1.263a.25.25 0 0 0 0-.354Z"></path></svg>.</li> <li>After you have edited the file, click <strong>Start commit</strong> and complete the "Commit changes" form. You can choose to commit directly to the current branch, or create a new branch and start a pull request.</li> </ol> <p>For more information about editing workflow files, see "<a href="/en/actions/learn-github-actions" _originalHref="/actions/learn-github-actions">Writing workflows</a>."</p> <h2 id="configuring-frequency" tabindex="-1"><a class="heading-link" href="#configuring-frequency">Configuring frequency<span class="heading-link-symbol" aria-hidden="true"></span></a></h2> <p>You can configure the CodeQL analysis workflow to scan code on a schedule or when specific events occur in a repository.</p> <p>Scanning code when someone pushes a change, and whenever a pull request is created, prevents developers from introducing new vulnerabilities and errors into the code. Scanning code on a schedule informs you about the latest vulnerabilities and errors that GitHub, security researchers, and the community discover, even when developers aren't actively maintaining the repository.</p> <h3 id="scanning-on-push" tabindex="-1"><a class="heading-link" href="#scanning-on-push">Scanning on push<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>By default, the CodeQL analysis workflow uses the <code>on:push</code> event to trigger a code scan on every push to the default branch of the repository and any protected branches. For code scanning to be triggered on a specified branch, the workflow must exist in that branch. For more information, see "<a href="/en/actions/using-workflows/workflow-syntax-for-github-actions#on" _originalHref="/actions/using-workflows/workflow-syntax-for-github-actions#on">Workflow syntax for GitHub Actions</a>."</p> <p>If you scan on push, then the results appear in the <strong>Security</strong> tab for your repository. For more information, see "<a href="/en/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository" _originalHref="/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository">Assessing code scanning alerts for your repository</a>."</p> <p>Additionally, when an <code>on:push</code> scan returns results that can be mapped to an open pull request, these alerts will automatically appear on the pull request in the same places as other pull request alerts. The alerts are identified by comparing the existing analysis of the head of the branch to the analysis for the target branch. For more information on code scanning alerts in pull requests, see "<a href="/en/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests" _originalHref="/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests">Triaging code scanning alerts in pull requests</a>."</p> <h3 id="scanning-pull-requests" tabindex="-1"><a class="heading-link" href="#scanning-pull-requests">Scanning pull requests<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>The default CodeQL analysis workflow uses the <code>pull_request</code> event to trigger a code scan on pull requests targeted against the default branch. If a pull request is from a private fork, the <code>pull_request</code> event will only be triggered if you've selected the "Run workflows from fork pull requests" option in the repository settings. For more information, see "<a href="/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" _originalHref="/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks">Managing GitHub Actions settings for a repository</a>."</p> <p>For more information about the <code>pull_request</code> event, see "<a href="/en/actions/using-workflows/events-that-trigger-workflows#pull_request" _originalHref="/actions/using-workflows/events-that-trigger-workflows#pull_request">Events that trigger workflows</a>."</p> <p>If you scan pull requests, then the results appear as alerts in a pull request check. For more information, see "<a href="/en/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests" _originalHref="/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests">Triaging code scanning alerts in pull requests</a>."</p> <p>Using the <code>pull_request</code> trigger, configured to scan the pull request's merge commit rather than the head commit, will produce more efficient and accurate results than scanning the head of the branch on each push. However, if you use a CI/CD system that cannot be configured to trigger on pull requests, you can still use the <code>on:push</code> trigger and code scanning will map the results to open pull requests on the branch and add the alerts as annotations on the pull request. For more information, see "<a href="#scanning-on-push">Scanning on push</a>."</p> <div class="ghd-alert ghd-alert-accent"><p class="ghd-alert-title"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon mr-2" aria-hidden><path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z"></path></svg>Note</p> <p> If your repository is configured with a merge queue, you need to include the <code>merge_group</code> event as an additional trigger for code scanning. This will ensure that pull requests are also scanned when they are added to a merge queue. For more information, see "<a href="/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue" _originalHref="/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue">Managing a merge queue</a>."</p> </div> <h3 id="avoiding-unnecessary-scans-of-pull-requests" tabindex="-1"><a class="heading-link" href="#avoiding-unnecessary-scans-of-pull-requests">Avoiding unnecessary scans of pull requests<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>You might want to avoid a code scan being triggered on specific pull requests targeted against the default branch, irrespective of which files have been changed. You can configure this by specifying <code>on:pull_request:paths-ignore</code> or <code>on:pull_request:paths</code> in the code scanning workflow. For example, if the only changes in a pull request are to files with the file extensions <code>.md</code> or <code>.txt</code> you can use the following <code>paths-ignore</code> array.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="1454303692"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="1454303692">on: push: branches: [main, protected] pull_request: branches: [main] paths-ignore: - '**/*.md' - '**/*.txt' </pre></header><pre><code class="hljs language-yaml"><span class="hljs-attr">on:</span> <span class="hljs-attr">push:</span> <span class="hljs-attr">branches:</span> [<span class="hljs-string">main</span>, <span class="hljs-string">protected</span>] <span class="hljs-attr">pull_request:</span> <span class="hljs-attr">branches:</span> [<span class="hljs-string">main</span>] <span class="hljs-attr">paths-ignore:</span> <span class="hljs-bullet">-</span> <span class="hljs-string">'**/*.md'</span> <span class="hljs-bullet">-</span> <span class="hljs-string">'**/*.txt'</span> </code></pre></div> <div class="ghd-alert ghd-alert-accent"><p class="ghd-alert-title"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon mr-2" aria-hidden><path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z"></path></svg>Note</p> <p> <code>on:pull_request:paths-ignore</code> and <code>on:pull_request:paths</code> set conditions that determine whether the actions in the workflow will run on a pull request. They don't determine what files will be analyzed when the actions <em>are</em> run. When a pull request contains any files that are not matched by <code>on:pull_request:paths-ignore</code> or <code>on:pull_request:paths</code>, the workflow runs the actions and scans all of the files changed in the pull request, including those matched by <code>on:pull_request:paths-ignore</code> or <code>on:pull_request:paths</code>, unless the files have been excluded. For information on how to exclude files from analysis, see "<a href="#specifying-directories-to-scan">Specifying directories to scan</a>."</p> </div> <p>For more information about using <code>on:pull_request:paths-ignore</code> and <code>on:pull_request:paths</code> to determine when a workflow will run for a pull request, see "<a href="/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore" _originalHref="/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore">Workflow syntax for GitHub Actions</a>."</p> <h3 id="scanning-on-a-schedule" tabindex="-1"><a class="heading-link" href="#scanning-on-a-schedule">Scanning on a schedule<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>If you use the default CodeQL analysis workflow, the workflow will scan the code in your repository once a week, in addition to the scans triggered by events. To adjust this schedule, edit the <code>cron</code> value in the workflow. For more information, see "<a href="/en/actions/using-workflows/workflow-syntax-for-github-actions#onschedule" _originalHref="/actions/using-workflows/workflow-syntax-for-github-actions#onschedule">Workflow syntax for GitHub Actions</a>."</p> <div class="ghd-alert ghd-alert-accent"><p class="ghd-alert-title"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon mr-2" aria-hidden><path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z"></path></svg>Note</p> <p> GitHub only runs scheduled jobs that are in workflows on the default branch. Changing the schedule in a workflow on any other branch has no effect until you merge the branch into the default branch.</p> </div> <h3 id="example" tabindex="-1"><a class="heading-link" href="#example">Example<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>The following example shows a CodeQL analysis workflow for a particular repository that has a default branch called <code>main</code> and one protected branch called <code>protected</code>.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="1861729926"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="1861729926">on: push: branches: [main, protected] pull_request: branches: [main] schedule: - cron: '20 14 * * 1' </pre></header><pre><code class="hljs language-yaml"><span class="hljs-attr">on:</span> <span class="hljs-attr">push:</span> <span class="hljs-attr">branches:</span> [<span class="hljs-string">main</span>, <span class="hljs-string">protected</span>] <span class="hljs-attr">pull_request:</span> <span class="hljs-attr">branches:</span> [<span class="hljs-string">main</span>] <span class="hljs-attr">schedule:</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">cron:</span> <span class="hljs-string">'20 14 * * 1'</span> </code></pre></div> <p>This workflow scans:</p> <ul> <li>Every push to the default branch and the protected branch</li> <li>Every pull request to the default branch</li> <li>The default branch every Monday at 14:20 UTC</li> </ul> <h2 id="specifying-an-operating-system" tabindex="-1"><a class="heading-link" href="#specifying-an-operating-system">Specifying an operating system<span class="heading-link-symbol" aria-hidden="true"></span></a></h2> <div class="ghd-alert ghd-alert-accent"><p class="ghd-alert-title"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon mr-2" aria-hidden><path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z"></path></svg>Note</p> <p></p> <ul> <li> <p>Code scanning of Swift code uses macOS runners by default. GitHub-hosted macOS runners are more expensive than Linux and Windows runners, so you should consider only scanning the build step. For more information about configuring code scanning for Swift, see "<a href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#considerations-for-building-swift" _originalHref="/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#considerations-for-building-swift">CodeQL code scanning for compiled languages</a>." For more information about pricing for GitHub-hosted runners, see "<a href="/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions" _originalHref="/billing/managing-billing-for-github-actions/about-billing-for-github-actions">About billing for GitHub Actions</a>."</p> </li> <li> <p>Code scanning of Swift code is not supported for runners that are part of an Actions Runner Controller (ARC), because ARC runners only use Linux and Swift requires macOS runners. However, you can have a mixture of both ARC runners and self-hosted macOS runners. For more information, see "<a href="/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller" _originalHref="/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller">About Actions Runner Controller</a>."</p> </li> </ul> </div> <p>If your code requires a specific operating system to compile, you can configure the operating system in your CodeQL analysis workflow. Edit the value of <code>jobs.analyze.runs-on</code> to specify the operating system for the machine that runs your code scanning actions.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="2090084166"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="2090084166">jobs: analyze: name: Analyze runs-on: [ubuntu-latest] </pre></header><pre><code class="hljs language-yaml"><span class="hljs-attr">jobs:</span> <span class="hljs-attr">analyze:</span> <span class="hljs-attr">name:</span> <span class="hljs-string">Analyze</span> <span class="hljs-attr">runs-on:</span> [<span class="hljs-string">ubuntu-latest</span>] </code></pre></div> <p>If you choose to use a self-hosted runner for code scanning, you can specify an operating system by using an appropriate label as the second element in a two-element array, after <code>self-hosted</code>.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="675079642"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="675079642">jobs: analyze: name: Analyze runs-on: [self-hosted, ubuntu-latest] </pre></header><pre><code class="hljs language-yaml"><span class="hljs-attr">jobs:</span> <span class="hljs-attr">analyze:</span> <span class="hljs-attr">name:</span> <span class="hljs-string">Analyze</span> <span class="hljs-attr">runs-on:</span> [<span class="hljs-string">self-hosted</span>, <span class="hljs-string">ubuntu-latest</span>] </code></pre></div> <p>CodeQL code scanning supports the latest versions of Ubuntu, Windows, and macOS. Typical values for this setting are therefore: <code>ubuntu-latest</code>, <code>windows-latest</code>, and <code>macos-latest</code>. For more information, see "<a href="/en/actions/using-jobs/choosing-the-runner-for-a-job" _originalHref="/actions/using-jobs/choosing-the-runner-for-a-job">Choosing the runner for a job</a>" and "<a href="/en/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners" _originalHref="/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners">Using labels with self-hosted runners</a>."</p> <p>If you use a self-hosted runner, you must ensure that Git is in the PATH variable. For more information, see "<a href="/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners" _originalHref="/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners">About self-hosted runners</a>" and "<a href="/en/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners" _originalHref="/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners">Adding self-hosted runners</a>."</p> <p>For recommended specifications (RAM, CPU cores, and disk) for running CodeQL analysis on self-hosted machines, see "<a href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql" _originalHref="/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql">Recommended hardware resources for running CodeQL</a>."</p> <h2 id="specifying-the-location-for-codeql-databases" tabindex="-1"><a class="heading-link" href="#specifying-the-location-for-codeql-databases">Specifying the location for CodeQL databases<span class="heading-link-symbol" aria-hidden="true"></span></a></h2> <p>In general, you do not need to worry about where the CodeQL analysis workflow places CodeQL databases since later steps will automatically find databases created by previous steps. However, if you are writing a custom workflow step that requires the CodeQL database to be in a specific disk location, for example to upload the database as a workflow artifact, you can specify that location using the <code>db-location</code> parameter under the <code>init</code> action.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="3149545592"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="3149545592">- uses: github/codeql-action/init@v3 with: db-location: '${{ github.runner_temp }}/my_location' </pre></header><pre><code class="hljs language-yaml"><span class="hljs-bullet">-</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">github/codeql-action/init@v3</span> <span class="hljs-attr">with:</span> <span class="hljs-attr">db-location:</span> <span class="hljs-string">'$<span class="hljs-template-variable">{{ github.runner_temp }}</span>/my_location'</span> </code></pre></div> <p>The CodeQL analysis workflow will expect the path provided in <code>db-location</code> to be writable, and either not exist, or be an empty directory. When using this parameter in a job running on a self-hosted runner or using a Docker container, it's the responsibility of the user to ensure that the chosen directory is cleared between runs, or that the databases are removed once they are no longer needed. This is not necessary for jobs running on GitHub-hosted runners, which obtain a fresh instance and a clean filesystem each time they run. For more information, see "<a href="/en/actions/using-github-hosted-runners/about-github-hosted-runners" _originalHref="/actions/using-github-hosted-runners/about-github-hosted-runners">Using GitHub-hosted runners</a>."</p> <p>If this parameter is not used, the CodeQL analysis workflow will create databases in a temporary location of its own choice. Currently the default value is <code>${{ github.runner_temp }}/codeql_databases</code>.</p> <h2 id="changing-the-languages-that-are-analyzed" tabindex="-1"><a class="heading-link" href="#changing-the-languages-that-are-analyzed">Changing the languages that are analyzed<span class="heading-link-symbol" aria-hidden="true"></span></a></h2> <p>CodeQL code scanning automatically detects code written in the supported languages.</p> <ul> <li>C/C++</li> <li>C#</li> <li>Go</li> <li>Java/Kotlin</li> <li>JavaScript/TypeScript</li> <li>Python</li> <li>Ruby</li> <li>Swift</li> </ul> <div class="ghd-alert ghd-alert-accent"><p class="ghd-alert-title"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon mr-2" aria-hidden><path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z"></path></svg>Note</p> <p></p> <ul> <li>Use <code>java-kotlin</code> to analyze code written in Java, Kotlin or both.</li> <li>Use <code>javascript-typescript</code> to analyze code written in JavaScript, TypeScript or both.</li> </ul> </div> <p>For more information, see the documentation on the CodeQL website: "<a href="https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/">Supported languages and frameworks</a>."</p> <p>CodeQL uses the following language identifiers:</p> <table><thead><tr><th scope="col">Language</th><th scope="col">Identifier</th><th scope="col">Optional alternative identifiers (if any)</th></tr></thead><tbody><tr><td>C/C++</td><td><code>c-cpp</code></td><td><code>c</code> or <code>cpp</code></td></tr><tr><td>C#</td><td><code>csharp</code></td><td></td></tr><tr><td>Go</td><td><code>go</code></td><td></td></tr><tr><td>Java/Kotlin</td><td><code>java-kotlin</code></td><td><code>java</code> or <code>kotlin</code></td></tr><tr><td>JavaScript/TypeScript</td><td><code>javascript-typescript</code></td><td><code>javascript</code> or <code>typescript</code></td></tr><tr><td>Python</td><td><code>python</code></td><td></td></tr><tr><td>Ruby</td><td><code>ruby</code></td><td></td></tr><tr><td>Swift</td><td><code>swift</code></td><td></td></tr></tbody></table> <div class="ghd-alert ghd-alert-accent"><p class="ghd-alert-title"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon mr-2" aria-hidden><path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z"></path></svg>Note</p> <p> If you specify one of the alternative identifiers, this is equivalent to using the standard language identifier. For example, specifying <code>javascript</code> instead of <code>javascript-typescript</code> will not exclude analysis of TypeScript code. You can do this in an advanced setup workflow with the <code>--paths-ignore</code> option. For more information, see "<a href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan" _originalHref="/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan">Customizing your advanced setup for code scanning</a>."</p> </div> <p>The default CodeQL analysis workflow file contains a matrix called <code>language</code> which lists the languages in your repository that are analyzed. CodeQL automatically populates this matrix when you add code scanning to a repository. Using the <code>language</code> matrix optimizes CodeQL to run each analysis in parallel. We recommend that all workflows adopt this configuration due to the performance benefits of parallelizing builds. For more information about matrices, see "<a href="/en/actions/using-jobs/using-a-matrix-for-your-jobs" _originalHref="/actions/using-jobs/using-a-matrix-for-your-jobs">Running variations of jobs in a workflow</a>."</p> <p>If your repository contains code in more than one of the supported languages, you can choose which languages you want to analyze. There are several reasons you might want to prevent a language being analyzed. For example, the project might have dependencies in a different language to the main body of your code, and you might prefer not to see alerts for those dependencies.</p> <p>If your workflow uses the <code>language</code> matrix then CodeQL is hardcoded to analyze only the languages in the matrix. To change the languages you want to analyze, edit the value of the matrix variable. You can remove a language to prevent it being analyzed or you can add a language that was not present in the repository when code scanning was configured. For example, if the repository initially only contained JavaScript when code scanning was configured, and you later added Python code, you will need to add <code>python</code> to the matrix.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="2956854181"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="2956854181">jobs: analyze: name: Analyze ... strategy: fail-fast: false matrix: language: ['javascript-typescript', 'python'] </pre></header><pre><code class="hljs language-yaml"><span class="hljs-attr">jobs:</span> <span class="hljs-attr">analyze:</span> <span class="hljs-attr">name:</span> <span class="hljs-string">Analyze</span> <span class="hljs-string">...</span> <span class="hljs-attr">strategy:</span> <span class="hljs-attr">fail-fast:</span> <span class="hljs-literal">false</span> <span class="hljs-attr">matrix:</span> <span class="hljs-attr">language:</span> [<span class="hljs-string">'javascript-typescript'</span>, <span class="hljs-string">'python'</span>] </code></pre></div> <p>If your workflow does not contain a matrix called <code>language</code>, then CodeQL is configured to run analysis sequentially. If you don't specify languages in the workflow, CodeQL automatically detects, and attempts to analyze, any supported languages in the repository. If you want to choose which languages to analyze, without using a matrix, you can use the <code>languages</code> parameter under the <code>init</code> action.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="1575963373"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="1575963373">- uses: github/codeql-action/init@v3 with: languages: c-cpp, csharp, python </pre></header><pre><code class="hljs language-yaml"><span class="hljs-bullet">-</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">github/codeql-action/init@v3</span> <span class="hljs-attr">with:</span> <span class="hljs-attr">languages:</span> <span class="hljs-string">c-cpp,</span> <span class="hljs-string">csharp,</span> <span class="hljs-string">python</span> </code></pre></div> <h2 id="defining-the-alert-severities-that-cause-a-check-failure-for-a-pull-request" tabindex="-1"><a class="heading-link" href="#defining-the-alert-severities-that-cause-a-check-failure-for-a-pull-request">Defining the alert severities that cause a check failure for a pull request<span class="heading-link-symbol" aria-hidden="true"></span></a></h2> <p>You can use rulesets to prevent pull requests from being merged when one of the following conditions is met:</p> <ul> <li> <p>A required tool found a code scanning alert of a severity that is defined in a ruleset.</p> </li> <li> <p>A required code scanning tool's analysis is still in progress.</p> </li> <li> <p>A required code scanning tool is not configured for the repository.</p> </li> </ul> <p>For more information, see "<a href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection" _originalHref="/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection">Set code scanning merge protection</a>." For more general information about rulesets, see "<a href="/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets" _originalHref="/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets">About rulesets</a>."</p> <h2 id="configuring-a-category-for-the-analysis" tabindex="-1"><a class="heading-link" href="#configuring-a-category-for-the-analysis">Configuring a category for the analysis<span class="heading-link-symbol" aria-hidden="true"></span></a></h2> <p>Use <code>category</code> to distinguish between multiple analyses for the same tool and commit, but performed on different languages or different parts of the code. The category you specify in your workflow will be included in the SARIF results file.</p> <p>This parameter is particularly useful if you work with monorepos and have multiple SARIF files for different components of the monorepo.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="573274950"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="573274950"> - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 with: # Optional. Specify a category to distinguish between multiple analyses # for the same tool and ref. If you don't use `category` in your workflow, # GitHub will generate a default category name for you category: "my_category" </pre></header><pre><code class="hljs language-yaml"> <span class="hljs-bullet">-</span> <span class="hljs-attr">name:</span> <span class="hljs-string">Perform</span> <span class="hljs-string">CodeQL</span> <span class="hljs-string">Analysis</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">github/codeql-action/analyze@v3</span> <span class="hljs-attr">with:</span> <span class="hljs-comment"># Optional. Specify a category to distinguish between multiple analyses</span> <span class="hljs-comment"># for the same tool and ref. If you don't use `category` in your workflow,</span> <span class="hljs-comment"># GitHub will generate a default category name for you</span> <span class="hljs-attr">category:</span> <span class="hljs-string">"my_category"</span> </code></pre></div> <p>If you don't specify a <code>category</code> parameter in your workflow, GitHub will generate a category name for you, based on the name of the workflow file triggering the action, the action name, and any matrix variables. For example:</p> <ul> <li>The <code>.github/workflows/codeql-analysis.yml</code> workflow and the <code>analyze</code> action will produce the category <code>.github/workflows/codeql.yml:analyze</code>.</li> <li>The <code>.github/workflows/codeql-analysis.yml</code> workflow, the <code>analyze</code> action, and the <code>{language: javascript-typescript, os: linux}</code> matrix variables will produce the category <code>.github/workflows/codeql-analysis.yml:analyze/language:javascript-typescript/os:linux</code>.</li> </ul> <p>The <code>category</code> value will appear as the <code>&#x3C;run>.automationDetails.id</code> property in SARIF v2.1.0. For more information, see "<a href="/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#runautomationdetails-object" _originalHref="/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#runautomationdetails-object">SARIF support for code scanning</a>."</p> <p>Your specified category will not overwrite the details of the <code>runAutomationDetails</code> object in the SARIF file, if included.</p> <h2 id="extending-codeql-coverage-with-codeql-model-packs" tabindex="-1"><a class="heading-link" href="#extending-codeql-coverage-with-codeql-model-packs">Extending CodeQL coverage with CodeQL model packs<span class="heading-link-symbol" aria-hidden="true"></span></a></h2> <p>If your codebase depends on a library or framework that is not recognized by the standard queries in CodeQL, you can extend the CodeQL coverage in your code scanning workflow by specifying published CodeQL model packs. For more information about creating your own model packs, see "<a href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-model-pack" _originalHref="/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-model-pack">Creating and working with CodeQL packs</a>."</p> <div class="ghd-alert ghd-alert-accent"><p class="ghd-alert-title"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon mr-2" aria-hidden><path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z"></path></svg>Note</p> <p> CodeQL model packs and the CodeQL model editor are currently in public preview and subject to change. Model packs are supported by C#, Java/Kotlin, Python, and Ruby analysis.</p> </div> <h3 id="using-codeql-model-packs" tabindex="-1"><a class="heading-link" href="#using-codeql-model-packs">Using CodeQL model packs<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>To add one or more published CodeQL model packs, specify them inside the <code>with: packs:</code> entry within the <code>uses: github/codeql-action/init@v3</code> section of the workflow. Within <code>packs</code> you specify one or more packages to use and, optionally, which version to download. Where you don't specify a version, the latest version is downloaded. If you want to use packages that are not publicly available, you need to set the <code>GITHUB_TOKEN</code> environment variable to a secret that has access to the packages. For more information, see "<a href="/en/actions/security-guides/automatic-token-authentication" _originalHref="/actions/security-guides/automatic-token-authentication">Automatic token authentication</a>" and "<a href="/en/actions/security-guides/encrypted-secrets" _originalHref="/actions/security-guides/encrypted-secrets">Using secrets in GitHub Actions</a>."</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="1832980167"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="1832980167">- uses: github/codeql-action/init@v3 with: config-file: ./.github/codeql/codeql-config.yml queries: security-extended packs: my-company/my-java-queries@~7.8.9,my-repo/my-java-model-pack </pre></header><pre><code class="hljs language-yaml"><span class="hljs-bullet">-</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">github/codeql-action/init@v3</span> <span class="hljs-attr">with:</span> <span class="hljs-attr">config-file:</span> <span class="hljs-string">./.github/codeql/codeql-config.yml</span> <span class="hljs-attr">queries:</span> <span class="hljs-string">security-extended</span> <span class="hljs-attr">packs:</span> <span class="hljs-string">my-company/my-java-queries@~7.8.9,my-repo/my-java-model-pack</span> </code></pre></div> <p>In this example, the default queries will be run for Java, as well as the queries from a version greater than or equal to <code>7.8.9</code> and less than <code>7.9.0</code> of the query pack <code>my-company/my-java-queries</code>. The dependencies modeled in the latest version of the model pack <code>my-repo/my-java-model-pack</code> will be available to both the default queries and those in <code>my-company/my-java-queries</code>.</p> <h2 id="running-additional-queries" tabindex="-1"><a class="heading-link" href="#running-additional-queries">Running additional queries<span class="heading-link-symbol" aria-hidden="true"></span></a></h2> <p>When you use CodeQL to scan code, the CodeQL analysis engine generates a database from the code and runs queries on it. CodeQL analysis uses a default set of queries, but you can specify more queries to run, in addition to the default queries.</p> <div class="ghd-alert ghd-alert-success"><p class="ghd-alert-title"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon mr-2" aria-hidden><path d="M8 1.5c-2.363 0-4 1.69-4 3.75 0 .984.424 1.625.984 2.304l.214.253c.223.264.47.556.673.848.284.411.537.896.621 1.49a.75.75 0 0 1-1.484.211c-.04-.282-.163-.547-.37-.847a8.456 8.456 0 0 0-.542-.68c-.084-.1-.173-.205-.268-.32C3.201 7.75 2.5 6.766 2.5 5.25 2.5 2.31 4.863 0 8 0s5.5 2.31 5.5 5.25c0 1.516-.701 2.5-1.328 3.259-.095.115-.184.22-.268.319-.207.245-.383.453-.541.681-.208.3-.33.565-.37.847a.751.751 0 0 1-1.485-.212c.084-.593.337-1.078.621-1.489.203-.292.45-.584.673-.848.075-.088.147-.173.213-.253.561-.679.985-1.32.985-2.304 0-2.06-1.637-3.75-4-3.75ZM5.75 12h4.5a.75.75 0 0 1 0 1.5h-4.5a.75.75 0 0 1 0-1.5ZM6 15.25a.75.75 0 0 1 .75-.75h2.5a.75.75 0 0 1 0 1.5h-2.5a.75.75 0 0 1-.75-.75Z"></path></svg>Tip</p> <p> You can also specify the queries you want to exclude from analysis, or include in the analysis. This requires the use of a custom configuration file. For more information, see "<a href="#using-a-custom-configuration-file">Using a custom configuration file</a>" and "<a href="#excluding-specific-queries-from-analysis">Excluding specific queries from analysis</a>" below.</p> </div> <p>You can run extra queries if they are part of a CodeQL pack published to the GitHub Container registry or a CodeQL pack stored in a repository. For more information, see "<a href="/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql-queries" _originalHref="/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql-queries">About code scanning with CodeQL</a>."</p> <p>The options available to specify the additional queries you want to run are:</p> <ul> <li><code>packs</code> to install one or more CodeQL query packs and run the default query suite or queries for those packs.</li> <li><code>queries</code> to specify a single <em>.ql</em> file, a directory containing multiple <em>.ql</em> files, a <em>.qls</em> query suite definition file, or any combination. For more information about query suite definitions, see "<a href="https://codeql.github.com/docs/codeql-cli/creating-codeql-query-suites/">Creating CodeQL query suites</a>."</li> </ul> <p>You can use both <code>packs</code> and <code>queries</code> in the same workflow.</p> <p>We don't recommend referencing query suites directly from the <code>github/codeql</code> repository, for example, <code>github/codeql/cpp/ql/src@main</code>. Such queries would have to be recompiled, and may not be compatible with the version of CodeQL currently active on GitHub Actions, which could lead to errors during analysis.</p> <h3 id="using-query-packs" tabindex="-1"><a class="heading-link" href="#using-query-packs">Using query packs<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>To add one or more CodeQL query packs, add a <code>with: packs:</code> entry within the <code>uses: github/codeql-action/init@v3</code> section of the workflow. Within <code>packs</code> you specify one or more packages to use and, optionally, which version to download. Where you don't specify a version, the latest version is downloaded. If you want to use packages that are not publicly available, you need to set the <code>GITHUB_TOKEN</code> environment variable to a secret that has access to the packages. For more information, see "<a href="/en/actions/security-guides/automatic-token-authentication" _originalHref="/actions/security-guides/automatic-token-authentication">Automatic token authentication</a>" and "<a href="/en/actions/security-guides/encrypted-secrets" _originalHref="/actions/security-guides/encrypted-secrets">Using secrets in GitHub Actions</a>."</p> <div class="ghd-alert ghd-alert-accent"><p class="ghd-alert-title"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon mr-2" aria-hidden><path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z"></path></svg>Note</p> <p> For workflows that generate CodeQL databases for multiple languages, you must instead specify the CodeQL query packs in a configuration file. For more information, see "<a href="#specifying-codeql-query-packs">Specifying CodeQL query packs</a>" below.</p> </div> <p>In the example below, <code>scope</code> is the organization or personal account that published the package. When the workflow runs, the four CodeQL query packs are downloaded from GitHub and the default queries or query suite for each pack run:</p> <ul> <li>The latest version of <code>pack1</code> is downloaded and all default queries are run.</li> <li>Version 1.2.3 of <code>pack2</code> is downloaded and all default queries are run.</li> <li>The latest version of <code>pack3</code> that is compatible with version 3.2.1 is downloaded and all queries are run.</li> <li>Version 4.5.6 of <code>pack4</code> is downloaded and only the queries found in <code>path/to/queries</code> are run.</li> </ul> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="43617054"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="43617054">- uses: github/codeql-action/init@v3 with: # Comma-separated list of packs to download packs: scope/pack1,scope/pack2@1.2.3,scope/pack3@~3.2.1,scope/pack4@4.5.6:path/to/queries </pre></header><pre><code class="hljs language-yaml"><span class="hljs-bullet">-</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">github/codeql-action/init@v3</span> <span class="hljs-attr">with:</span> <span class="hljs-comment"># Comma-separated list of packs to download</span> <span class="hljs-attr">packs:</span> <span class="hljs-string">scope/pack1,scope/pack2@1.2.3,scope/pack3@~3.2.1,scope/pack4@4.5.6:path/to/queries</span> </code></pre></div> <div class="ghd-alert ghd-alert-accent"><p class="ghd-alert-title"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon mr-2" aria-hidden><path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z"></path></svg>Note</p> <p> If you specify a particular version of a query pack to use, beware that the version you specify may eventually become too old to be used efficiently by the default CodeQL engine used by the CodeQL action. To ensure optimal performance, if you need to specify exact query pack versions, you should consider reviewing periodically whether the pinned version of the query pack needs to be moved forward.</p> <p>For more information about pack compatibility, see "<a href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#about-codeql-pack-compatibility" _originalHref="/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#about-codeql-pack-compatibility">Publishing and using CodeQL packs</a>."</p> </div> <h3 id="downloading-codeql-packs-from-github-enterprise-server" tabindex="-1"><a class="heading-link" href="#downloading-codeql-packs-from-github-enterprise-server">Downloading CodeQL packs from GitHub Enterprise Server<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>If your workflow uses packs that are published on a GitHub Enterprise Server installation, you need to tell your workflow where to find them. You can do this by using the <code>registries</code> input of the github/codeql-action/init@v3 action. This input accepts a list of <code>url</code>, <code>packages</code>, and <code>token</code> properties as shown below.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="1972162606"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="1972162606">- uses: github/codeql-action/init@v3 with: registries: | # URL to the container registry, usually in this format - url: https://containers.GHEHOSTNAME1/v2/ # List of package glob patterns to be found at this registry packages: - my-company/* - my-company2/* # Token, which should be stored as a secret token: ${{ secrets.GHEHOSTNAME1_TOKEN }} # URL to the default container registry - url: https://ghcr.io/v2/ # Packages can also be a string packages: "*/*" token: ${{ secrets.GHCR_TOKEN }} </pre></header><pre><code class="hljs language-yaml"><span class="hljs-bullet">-</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">github/codeql-action/init@v3</span> <span class="hljs-attr">with:</span> <span class="hljs-attr">registries:</span> <span class="hljs-string">| # URL to the container registry, usually in this format - url: https://containers.GHEHOSTNAME1/v2/ </span> <span class="hljs-comment"># List of package glob patterns to be found at this registry</span> <span class="hljs-attr">packages:</span> <span class="hljs-bullet">-</span> <span class="hljs-string">my-company/*</span> <span class="hljs-bullet">-</span> <span class="hljs-string">my-company2/*</span> <span class="hljs-comment"># Token, which should be stored as a secret</span> <span class="hljs-attr">token:</span> <span class="hljs-string">${{</span> <span class="hljs-string">secrets.GHEHOSTNAME1_TOKEN</span> <span class="hljs-string">}}</span> <span class="hljs-comment"># URL to the default container registry</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">url:</span> <span class="hljs-string">https://ghcr.io/v2/</span> <span class="hljs-comment"># Packages can also be a string</span> <span class="hljs-attr">packages:</span> <span class="hljs-string">"*/*"</span> <span class="hljs-attr">token:</span> <span class="hljs-string">${{</span> <span class="hljs-string">secrets.GHCR_TOKEN</span> <span class="hljs-string">}}</span> </code></pre></div> <p>The package patterns in the registries list are examined in order, so you should generally place the most specific package patterns first. The values for <code>token</code> must be a personal access token (classic) generated by the GitHub instance you are downloading from with the <code>read:packages</code> permission.</p> <p>Notice the <code>|</code> after the <code>registries</code> property name. This is important since GitHub Actions inputs can only accept strings. Using the <code>|</code> converts the subsequent text to a string, which is parsed later by the github/codeql-action/init@v3 action.</p> <h3 id="using-queries-in-ql-packs" tabindex="-1"><a class="heading-link" href="#using-queries-in-ql-packs">Using queries in QL packs<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>To add one or more queries, add a <code>with: queries:</code> entry within the <code>uses: github/codeql-action/init@v3</code> section of the workflow. If the queries are in a private repository, use the <code>external-repository-token</code> parameter to specify a token that has access to checkout the private repository.</p> <p>You can also specify query suites in the value of <code>queries</code>. Query suites are collections of queries, usually grouped by purpose or language.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="3555075386"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="3555075386">- uses: github/codeql-action/init@v3 with: # Comma-separated list of queries / packs / suites to run. # This may include paths or a built in suite, for example: # security-extended or security-and-quality. queries: security-extended # Optional. Provide a token to access queries stored in private repositories. external-repository-token: ${{ secrets.ACCESS_TOKEN }} </pre></header><pre><code class="hljs language-yaml"><span class="hljs-bullet">-</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">github/codeql-action/init@v3</span> <span class="hljs-attr">with:</span> <span class="hljs-comment"># Comma-separated list of queries / packs / suites to run.</span> <span class="hljs-comment"># This may include paths or a built in suite, for example:</span> <span class="hljs-comment"># security-extended or security-and-quality.</span> <span class="hljs-attr">queries:</span> <span class="hljs-string">security-extended</span> <span class="hljs-comment"># Optional. Provide a token to access queries stored in private repositories.</span> <span class="hljs-attr">external-repository-token:</span> <span class="hljs-string">${{</span> <span class="hljs-string">secrets.ACCESS_TOKEN</span> <span class="hljs-string">}}</span> </code></pre></div> <p>The following query suites are built into CodeQL code scanning and are available for use.</p> <table><thead><tr><th align="left" scope="col">Query suite</th><th align="left" scope="col">Description</th></tr></thead><tbody><tr><td align="left"><code>security-extended</code></td><td align="left">Queries from the default suite, plus lower severity and precision queries</td></tr><tr><td align="left"><code>security-and-quality</code></td><td align="left">Queries from <code>security-extended</code>, plus maintainability and reliability queries</td></tr></tbody></table> <p>For more information, see: "<a href="/en/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites" _originalHref="/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites">CodeQL query suites</a>."</p> <p>Each of these query suites contains a different subset of the queries included in the built-in CodeQL query pack for that language. The query suites are automatically generated using the metadata for each query. For more information, see "<a href="https://codeql.github.com/docs/writing-codeql-queries/metadata-for-codeql-queries/">Metadata for CodeQL queries</a>."</p> <p>When you specify a query suite, the CodeQL analysis engine will run the default set of queries and any extra queries defined in the additional query suite.</p> <h3 id="working-with-custom-configuration-files" tabindex="-1"><a class="heading-link" href="#working-with-custom-configuration-files">Working with custom configuration files<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>If you also use a configuration file for custom settings, any additional packs or queries specified in your workflow are used instead of those specified in the configuration file. If you want to run the combined set of additional packs or queries, prefix the value of <code>packs</code> or <code>queries</code> in the workflow with the <code>+</code> symbol. For more information, see "<a href="#using-a-custom-configuration-file">Using a custom configuration file</a>."</p> <p>In the following example, the <code>+</code> symbol ensures that the specified additional packs and queries are used together with any specified in the referenced configuration file.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="3362304835"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="3362304835">- uses: github/codeql-action/init@v3 with: config-file: ./.github/codeql/codeql-config.yml queries: +security-and-quality,octo-org/python-qlpack/show_ifs.ql@main packs: +scope/pack1,scope/pack2@1.2.3,scope/pack3@4.5.6:path/to/queries </pre></header><pre><code class="hljs language-yaml"><span class="hljs-bullet">-</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">github/codeql-action/init@v3</span> <span class="hljs-attr">with:</span> <span class="hljs-attr">config-file:</span> <span class="hljs-string">./.github/codeql/codeql-config.yml</span> <span class="hljs-attr">queries:</span> <span class="hljs-string">+security-and-quality,octo-org/python-qlpack/show_ifs.ql@main</span> <span class="hljs-attr">packs:</span> <span class="hljs-string">+scope/pack1,scope/pack2@1.2.3,scope/pack3@4.5.6:path/to/queries</span> </code></pre></div> <p><a name="using-a-custom-configuration-file"></a></p> <p><a name="example-configuration-files"></a></p> <h2 id="using-a-custom-configuration-file" tabindex="-1"><a class="heading-link" href="#using-a-custom-configuration-file">Using a custom configuration file<span class="heading-link-symbol" aria-hidden="true"></span></a></h2> <p>A custom configuration file is an alternative way to specify additional packs and queries to run. You can also use the file to disable the default queries, exclude or include specific queries, and to specify which directories to scan during analysis.</p> <p>In the workflow file, use the <code>config-file</code> parameter of the <code>init</code> action to specify the path to the configuration file you want to use. This example loads the configuration file <em>./.github/codeql/codeql-config.yml</em>.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="167998265"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="167998265">- uses: github/codeql-action/init@v3 with: config-file: ./.github/codeql/codeql-config.yml </pre></header><pre><code class="hljs language-yaml"><span class="hljs-bullet">-</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">github/codeql-action/init@v3</span> <span class="hljs-attr">with:</span> <span class="hljs-attr">config-file:</span> <span class="hljs-string">./.github/codeql/codeql-config.yml</span> </code></pre></div> <p>The configuration file can be located within the repository you are analyzing, or in an external repository. Using an external repository allows you to specify configuration options for multiple repositories in a single place. When you reference a configuration file located in an external repository, you can use the <em>OWNER/REPOSITORY/FILENAME@BRANCH</em> syntax. For example, <em>octo-org/shared/codeql-config.yml@main</em>.</p> <p>If the configuration file is located in an external private repository, use the <code>external-repository-token</code> parameter of the <code>init</code> action to specify a token that has access to the private repository.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="6172638"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="6172638">- uses: github/codeql-action/init@v3 with: external-repository-token: ${{ secrets.ACCESS_TOKEN }} </pre></header><pre><code class="hljs language-yaml"><span class="hljs-bullet">-</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">github/codeql-action/init@v3</span> <span class="hljs-attr">with:</span> <span class="hljs-attr">external-repository-token:</span> <span class="hljs-string">${{</span> <span class="hljs-string">secrets.ACCESS_TOKEN</span> <span class="hljs-string">}}</span> </code></pre></div> <p>The settings in the configuration file are written in YAML format.</p> <h3 id="specifying-codeql-query-packs" tabindex="-1"><a class="heading-link" href="#specifying-codeql-query-packs">Specifying CodeQL query packs<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>You specify CodeQL query packs in an array. Note that the format is different from the format used by the workflow file.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="75218363"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="75218363">packs: # Use the latest version of 'pack1' published by 'scope' - scope/pack1 # Use version 1.2.3 of 'pack2' - scope/pack2@1.2.3 # Use the latest version of 'pack3' compatible with 3.2.1 - scope/pack3@~3.2.1 # Use pack4 and restrict it to queries found in the 'path/to/queries' directory - scope/pack4:path/to/queries # Use pack5 and restrict it to the query 'path/to/single/query.ql' - scope/pack5:path/to/single/query.ql # Use pack6 and restrict it to the query suite 'path/to/suite.qls' - scope/pack6:path/to/suite.qls </pre></header><pre><code class="hljs language-yaml"><span class="hljs-attr">packs:</span> <span class="hljs-comment"># Use the latest version of 'pack1' published by 'scope'</span> <span class="hljs-bullet">-</span> <span class="hljs-string">scope/pack1</span> <span class="hljs-comment"># Use version 1.2.3 of 'pack2'</span> <span class="hljs-bullet">-</span> <span class="hljs-string">scope/pack2@1.2.3</span> <span class="hljs-comment"># Use the latest version of 'pack3' compatible with 3.2.1</span> <span class="hljs-bullet">-</span> <span class="hljs-string">scope/pack3@~3.2.1</span> <span class="hljs-comment"># Use pack4 and restrict it to queries found in the 'path/to/queries' directory</span> <span class="hljs-bullet">-</span> <span class="hljs-string">scope/pack4:path/to/queries</span> <span class="hljs-comment"># Use pack5 and restrict it to the query 'path/to/single/query.ql'</span> <span class="hljs-bullet">-</span> <span class="hljs-string">scope/pack5:path/to/single/query.ql</span> <span class="hljs-comment"># Use pack6 and restrict it to the query suite 'path/to/suite.qls'</span> <span class="hljs-bullet">-</span> <span class="hljs-string">scope/pack6:path/to/suite.qls</span> </code></pre></div> <p>The full format for specifying a query pack is <code>scope/name[@version][:path]</code>. Both <code>version</code> and <code>path</code> are optional. <code>version</code> is semver version range. If it is missing, the latest version is used. For more information about semver ranges, see the <a href="https://docs.npmjs.com/cli/v6/using-npm/semver#ranges">semver docs on npm</a>.</p> <p>If you have a workflow that generates more than one CodeQL database, you can specify any CodeQL query packs to run in a custom configuration file using a nested map of packs.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="3378253639"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="3378253639">packs: # Use these packs for JavaScript and TypeScript analysis javascript: - scope/js-pack1 - scope/js-pack2 # Use these packs for Java and Kotlin analysis java: - scope/java-pack1 - scope/java-pack2@v1.0.0 </pre></header><pre><code class="hljs language-yaml"><span class="hljs-attr">packs:</span> <span class="hljs-comment"># Use these packs for JavaScript and TypeScript analysis</span> <span class="hljs-attr">javascript:</span> <span class="hljs-bullet">-</span> <span class="hljs-string">scope/js-pack1</span> <span class="hljs-bullet">-</span> <span class="hljs-string">scope/js-pack2</span> <span class="hljs-comment"># Use these packs for Java and Kotlin analysis</span> <span class="hljs-attr">java:</span> <span class="hljs-bullet">-</span> <span class="hljs-string">scope/java-pack1</span> <span class="hljs-bullet">-</span> <span class="hljs-string">scope/java-pack2@v1.0.0</span> </code></pre></div> <h3 id="extending-codeql-coverage-with-threat-models" tabindex="-1"><a class="heading-link" href="#extending-codeql-coverage-with-threat-models">Extending CodeQL coverage with threat models<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <div class="ghd-alert ghd-alert-accent"><p class="ghd-alert-title"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon mr-2" aria-hidden><path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z"></path></svg>Note</p> <p> Threat models are currently in public preview and subject to change. During the public preview, threat models are supported only by analysis for Java/Kotlin and C#.</p> </div> <p>The default threat model includes remote sources of untrusted data. You can extend the CodeQL threat model to include local sources of untrusted data (for example: command-line arguments, environment variables, file systems, and databases) by specifying <code>threat-models: local</code> in a custom configuration file. If you extend the threat model, the default threat model will also be used.</p> <h3 id="specifying-additional-queries" tabindex="-1"><a class="heading-link" href="#specifying-additional-queries">Specifying additional queries<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>You specify additional queries in a <code>queries</code> array. Each element of the array contains a <code>uses</code> parameter with a value that identifies a single query file, a directory containing query files, or a query suite definition file.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="3133970016"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="3133970016">queries: - uses: ./my-basic-queries/example-query.ql - uses: ./my-advanced-queries - uses: ./query-suites/my-security-queries.qls </pre></header><pre><code class="hljs language-yaml"><span class="hljs-attr">queries:</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">./my-basic-queries/example-query.ql</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">./my-advanced-queries</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">./query-suites/my-security-queries.qls</span> </code></pre></div> <p>Optionally, you can give each array element a name, as shown in the example configuration files below. For more information about additional queries, see "<a href="#running-additional-queries">Running additional queries</a>" above.</p> <h3 id="disabling-the-default-queries" tabindex="-1"><a class="heading-link" href="#disabling-the-default-queries">Disabling the default queries<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>If you only want to run custom queries, you can disable the default security queries by using <code>disable-default-queries: true</code>.</p> <h3 id="excluding-specific-queries-from-analysis" tabindex="-1"><a class="heading-link" href="#excluding-specific-queries-from-analysis">Excluding specific queries from analysis<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>You can add <code>exclude</code> and <code>include</code> filters to your custom configuration file, to specify the queries you want to exclude or include in the analysis.</p> <p>This is useful if you want to exclude, for example:</p> <ul> <li>Specific queries from the default suites (<code>security</code>, <code>security-extended</code> and <code>security-and-quality</code>).</li> <li>Specific queries whose results do not interest you.</li> <li>All the queries that generate warnings and recommendations.</li> </ul> <p>You can use <code>exclude</code> filters similar to those in the configuration file below to exclude queries that you want to remove from the default analysis. In the example of configuration file below, both the <code>js/redundant-assignment</code> and the <code>js/useless-assignment-to-local</code> queries are excluded from analysis.</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="3192009928"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="3192009928">query-filters: - exclude: id: js/redundant-assignment - exclude: id: js/useless-assignment-to-local </pre></header><pre><code class="hljs language-yaml"><span class="hljs-attr">query-filters:</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">exclude:</span> <span class="hljs-attr">id:</span> <span class="hljs-string">js/redundant-assignment</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">exclude:</span> <span class="hljs-attr">id:</span> <span class="hljs-string">js/useless-assignment-to-local</span> </code></pre></div> <p>To find the id of a query, you can click the alert in the list of alerts in the <strong>Security</strong> tab. This opens the alert details page. The <code>Rule ID</code> field contains the query id. For more information about the alert details page, see "<a href="/en/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-details" _originalHref="/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-details">About code scanning alerts</a>."</p> <div class="ghd-alert ghd-alert-success"><p class="ghd-alert-title"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon mr-2" aria-hidden><path d="M8 1.5c-2.363 0-4 1.69-4 3.75 0 .984.424 1.625.984 2.304l.214.253c.223.264.47.556.673.848.284.411.537.896.621 1.49a.75.75 0 0 1-1.484.211c-.04-.282-.163-.547-.37-.847a8.456 8.456 0 0 0-.542-.68c-.084-.1-.173-.205-.268-.32C3.201 7.75 2.5 6.766 2.5 5.25 2.5 2.31 4.863 0 8 0s5.5 2.31 5.5 5.25c0 1.516-.701 2.5-1.328 3.259-.095.115-.184.22-.268.319-.207.245-.383.453-.541.681-.208.3-.33.565-.37.847a.751.751 0 0 1-1.485-.212c.084-.593.337-1.078.621-1.489.203-.292.45-.584.673-.848.075-.088.147-.173.213-.253.561-.679.985-1.32.985-2.304 0-2.06-1.637-3.75-4-3.75ZM5.75 12h4.5a.75.75 0 0 1 0 1.5h-4.5a.75.75 0 0 1 0-1.5ZM6 15.25a.75.75 0 0 1 .75-.75h2.5a.75.75 0 0 1 0 1.5h-2.5a.75.75 0 0 1-.75-.75Z"></path></svg>Tip</p> <p></p> <ul> <li>The order of the filters is important. The first filter instruction that appears after the instructions about the queries and query packs determines whether the queries are included or excluded by default.</li> <li>Subsequent instructions are executed in order and the instructions that appear later in the file take precedence over the earlier instructions.</li> </ul> </div> <p>You can find another example illustrating the use of these filters in the "<a href="#example-configuration-files">Example configuration files</a>" section.</p> <p>For more information about using <code>exclude</code> and <code>include</code> filters in your custom configuration file, see "<a href="/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites#filtering-the-queries-in-a-query-suite" _originalHref="/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites#filtering-the-queries-in-a-query-suite">Creating CodeQL query suites</a>." For information on the query metadata you can filter on, see "<a href="https://codeql.github.com/docs/writing-codeql-queries/metadata-for-codeql-queries/">Metadata for CodeQL queries</a>."</p> <h3 id="specifying-directories-to-scan" tabindex="-1"><a class="heading-link" href="#specifying-directories-to-scan">Specifying directories to scan<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>When codebases are analyzed without building the code, you can restrict code scanning to files in specific directories by adding a <code>paths</code> array to the configuration file. You can also exclude the files in specific directories from analysis by adding a <code>paths-ignore</code> array. You can use this option when you run the CodeQL actions on an interpreted language (Python, Ruby, and JavaScript/TypeScript) or when you analyze a compiled language without building the code (currently supported for C# and Java).</p> <div class="code-example"><header class="d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right"><span class="flex-1">YAML</span><button class="js-btn-copy btn btn-sm tooltipped tooltipped-nw" aria-label="Copy YAML code to clipboard" data-clipboard="466826455"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-copy" aria-hidden="true"><path d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z"></path><path d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg></button><pre hidden data-clipboard="466826455">paths: - src paths-ignore: - src/node_modules - '**/*.test.js' </pre></header><pre><code class="hljs language-yaml"><span class="hljs-attr">paths:</span> <span class="hljs-bullet">-</span> <span class="hljs-string">src</span> <span class="hljs-attr">paths-ignore:</span> <span class="hljs-bullet">-</span> <span class="hljs-string">src/node_modules</span> <span class="hljs-bullet">-</span> <span class="hljs-string">'**/*.test.js'</span> </code></pre></div> <div class="ghd-alert ghd-alert-accent"><p class="ghd-alert-title"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon mr-2" aria-hidden><path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z"></path></svg>Note</p> <p></p> <ul> <li>The <code>paths</code> and <code>paths-ignore</code> keywords, used in the context of the code scanning configuration file, should not be confused with the same keywords when used for <code>on.&#x3C;push|pull_request>.paths</code> in a workflow. When they are used to modify <code>on.&#x3C;push|pull_request></code> in a workflow, they determine whether the actions will be run when someone modifies code in the specified directories. For more information, see "<a href="/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore" _originalHref="/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore">Workflow syntax for GitHub Actions</a>."</li> <li>The filter pattern characters <code>?</code>, <code>+</code>, <code>[</code>, <code>]</code>, and <code>!</code> are not supported and will be matched literally.</li> <li><code>**</code> characters can only be at the start or end of a line, or surrounded by slashes, and you can't mix <code>**</code> and other characters. For example, <code>foo/**</code>, <code>**/foo</code>, and <code>foo/**/bar</code> are all allowed syntax, but <code>**foo</code> isn't. However you can use single stars along with other characters, as shown in the example. You'll need to quote anything that contains a <code>*</code> character.</li> </ul> </div> <p>For analysis where code is built, if you want to limit code scanning to specific directories in your project, you must specify appropriate build steps in the workflow. The commands you need to use to exclude a directory from the build will depend on your build system. For more information, see "<a href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#adding-build-steps-for-a-compiled-language" _originalHref="/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#adding-build-steps-for-a-compiled-language">CodeQL code scanning for compiled languages</a>."</p> <p>You can quickly analyze small portions of a monorepo when you modify code in specific directories. You'll need to both exclude directories in your build steps and use the <code>paths-ignore</code> and <code>paths</code> keywords for <a href="/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore" _originalHref="/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore"><code>on.&#x3C;push|pull_request></code></a> in your workflow.</p> <h3 id="example-configuration-files" tabindex="-1"><a class="heading-link" href="#example-configuration-files">Example configuration files<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>This configuration file adds the <code>security-and-quality</code> query suite to the list of queries run by CodeQL when scanning your code. For more information about the query suites available for use, see "<a href="#running-additional-queries">Running additional queries</a>."</p> <pre><code class="hljs language-yaml"><span class="hljs-attr">name:</span> <span class="hljs-string">"My CodeQL config"</span> <span class="hljs-attr">queries:</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">security-and-quality</span> </code></pre> <p>The following configuration file disables the default queries and specifies a set of custom queries to run instead. It also configures CodeQL to scan files in the <em>src</em> directory (relative to the root), except for the <em>src/node_modules</em> directory, and except for files whose name ends in <em>.test.js</em>. Files in <em>src/node_modules</em> and files with names ending <em>.test.js</em> are therefore excluded from analysis.</p> <pre><code class="hljs language-yaml"><span class="hljs-attr">name:</span> <span class="hljs-string">"My CodeQL config"</span> <span class="hljs-attr">disable-default-queries:</span> <span class="hljs-literal">true</span> <span class="hljs-attr">queries:</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">name:</span> <span class="hljs-string">Use</span> <span class="hljs-string">an</span> <span class="hljs-string">in-repository</span> <span class="hljs-string">CodeQL</span> <span class="hljs-string">pack</span> <span class="hljs-string">(run</span> <span class="hljs-string">queries</span> <span class="hljs-string">in</span> <span class="hljs-string">the</span> <span class="hljs-string">my-queries</span> <span class="hljs-string">directory)</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">./my-queries</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">name:</span> <span class="hljs-string">Use</span> <span class="hljs-string">an</span> <span class="hljs-string">external</span> <span class="hljs-string">JavaScript</span> <span class="hljs-string">CodeQL</span> <span class="hljs-string">pack</span> <span class="hljs-string">(run</span> <span class="hljs-string">queries</span> <span class="hljs-string">from</span> <span class="hljs-string">an</span> <span class="hljs-string">external</span> <span class="hljs-string">repo)</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">octo-org/javascript-codeql-pack@main</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">name:</span> <span class="hljs-string">Use</span> <span class="hljs-string">an</span> <span class="hljs-string">external</span> <span class="hljs-string">query</span> <span class="hljs-string">(run</span> <span class="hljs-string">a</span> <span class="hljs-string">single</span> <span class="hljs-string">query</span> <span class="hljs-string">from</span> <span class="hljs-string">an</span> <span class="hljs-string">external</span> <span class="hljs-string">CodeQL</span> <span class="hljs-string">pack)</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">octo-org/python-codeql-pack/show_ifs.ql@main</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">name:</span> <span class="hljs-string">Use</span> <span class="hljs-string">a</span> <span class="hljs-string">query</span> <span class="hljs-string">suite</span> <span class="hljs-string">file</span> <span class="hljs-string">(run</span> <span class="hljs-string">queries</span> <span class="hljs-string">from</span> <span class="hljs-string">a</span> <span class="hljs-string">query</span> <span class="hljs-string">suite</span> <span class="hljs-string">in</span> <span class="hljs-string">this</span> <span class="hljs-string">repo)</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">./codeql-packs/complex-python-codeql-pack/rootAndBar.qls</span> <span class="hljs-attr">paths:</span> <span class="hljs-bullet">-</span> <span class="hljs-string">src</span> <span class="hljs-attr">paths-ignore:</span> <span class="hljs-bullet">-</span> <span class="hljs-string">src/node_modules</span> <span class="hljs-bullet">-</span> <span class="hljs-string">'**/*.test.js'</span> </code></pre> <p>The following configuration file only runs queries that generate alerts of severity error. The configuration first selects all the default queries, all queries in <code>./my-queries</code>, and the default suite in <code>codeql/java-queries</code>, then excludes all the queries that generate warnings or recommendations.</p> <pre><code class="hljs language-yaml"><span class="hljs-attr">queries:</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">name:</span> <span class="hljs-string">Use</span> <span class="hljs-string">an</span> <span class="hljs-string">in-repository</span> <span class="hljs-string">CodeQL</span> <span class="hljs-string">query</span> <span class="hljs-string">pack</span> <span class="hljs-string">(run</span> <span class="hljs-string">queries</span> <span class="hljs-string">in</span> <span class="hljs-string">the</span> <span class="hljs-string">my-queries</span> <span class="hljs-string">directory)</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">./my-queries</span> <span class="hljs-attr">packs:</span> <span class="hljs-bullet">-</span> <span class="hljs-string">codeql/java-queries</span> <span class="hljs-attr">query-filters:</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">exclude:</span> <span class="hljs-attr">problem.severity:</span> <span class="hljs-bullet">-</span> <span class="hljs-string">warning</span> <span class="hljs-bullet">-</span> <span class="hljs-string">recommendation</span> </code></pre> <h2 id="specifying-configuration-details-using-the-config-input" tabindex="-1"><a class="heading-link" href="#specifying-configuration-details-using-the-config-input">Specifying configuration details using the <code>config</code> input<span class="heading-link-symbol" aria-hidden="true"></span></a></h2> <p>If you'd prefer to specify additional configuration details in the workflow file, you can use the <code>config</code> input of the <code>init</code> command of the CodeQL action. The value of this input must be a YAML string that follows the configuration file format documented at "<a href="#using-a-custom-configuration-file">Using a custom configuration file</a>" above.</p> <h3 id="example-configuration" tabindex="-1"><a class="heading-link" href="#example-configuration">Example configuration<span class="heading-link-symbol" aria-hidden="true"></span></a></h3> <p>This step in a GitHub Actions workflow file uses a <code>config</code> input to disable the default queries, add the <code>security-extended</code> query suite, and exclude queries that are tagged with <code>cwe-020</code>.</p> <pre><code class="hljs language-yaml"><span class="hljs-bullet">-</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">github/codeql-action/init@v3</span> <span class="hljs-attr">with:</span> <span class="hljs-attr">languages:</span> <span class="hljs-string">${{</span> <span class="hljs-string">matrix.language</span> <span class="hljs-string">}}</span> <span class="hljs-attr">config:</span> <span class="hljs-string">| disable-default-queries: true queries: - uses: security-extended query-filters: - exclude: tags: /cwe-020/ </span></code></pre> <p>You can use the same approach to specify any valid configuration options in the workflow file.</p> <div class="ghd-alert ghd-alert-success"><p class="ghd-alert-title"><svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon mr-2" aria-hidden><path d="M8 1.5c-2.363 0-4 1.69-4 3.75 0 .984.424 1.625.984 2.304l.214.253c.223.264.47.556.673.848.284.411.537.896.621 1.49a.75.75 0 0 1-1.484.211c-.04-.282-.163-.547-.37-.847a8.456 8.456 0 0 0-.542-.68c-.084-.1-.173-.205-.268-.32C3.201 7.75 2.5 6.766 2.5 5.25 2.5 2.31 4.863 0 8 0s5.5 2.31 5.5 5.25c0 1.516-.701 2.5-1.328 3.259-.095.115-.184.22-.268.319-.207.245-.383.453-.541.681-.208.3-.33.565-.37.847a.751.751 0 0 1-1.485-.212c.084-.593.337-1.078.621-1.489.203-.292.45-.584.673-.848.075-.088.147-.173.213-.253.561-.679.985-1.32.985-2.304 0-2.06-1.637-3.75-4-3.75ZM5.75 12h4.5a.75.75 0 0 1 0 1.5h-4.5a.75.75 0 0 1 0-1.5ZM6 15.25a.75.75 0 0 1 .75-.75h2.5a.75.75 0 0 1 0 1.5h-2.5a.75.75 0 0 1-.75-.75Z"></path></svg>Tip</p> <p> You can share one configuration across multiple repositories using GitHub Actions variables. One benefit of this approach is that you can update the configuration in a single place without editing the workflow file.</p> <p>In the following example, <code>vars.CODEQL_CONF</code> is a GitHub Actions variable. Its value can be the contents of any valid configuration file. For more information, see "<a href="/en/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows" _originalHref="/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows">Store information in variables</a>."</p> <pre><code class="hljs language-yaml"><span class="hljs-bullet">-</span> <span class="hljs-attr">uses:</span> <span class="hljs-string">github/codeql-action/init@v3</span> <span class="hljs-attr">with:</span> <span class="hljs-attr">languages:</span> <span class="hljs-string">${{</span> <span class="hljs-string">matrix.language</span> <span class="hljs-string">}}</span> <span class="hljs-attr">config:</span> <span class="hljs-string">${{</span> <span class="hljs-string">vars.CODEQL_CONF</span> <span class="hljs-string">}}</span> </code></pre> </div> <h2 id="configuring-code-scanning-for-compiled-languages" tabindex="-1"><a class="heading-link" href="#configuring-code-scanning-for-compiled-languages">Configuring code scanning for compiled languages<span class="heading-link-symbol" aria-hidden="true"></span></a></h2> <p>For compiled languages, you can decide how the CodeQL action creates a CodeQL database for analysis. For information about the build options available, see "<a href="/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages" _originalHref="/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages">CodeQL code scanning for compiled languages</a>."</p> <h2 id="uploading-code-scanning-data-to-github" tabindex="-1"><a class="heading-link" href="#uploading-code-scanning-data-to-github">Uploading code scanning data to GitHub<span class="heading-link-symbol" aria-hidden="true"></span></a></h2> <p>GitHub can display code analysis data generated externally by a third-party tool. You can upload code analysis data with the <code>upload-sarif</code> action. For more information, see "<a href="/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github" _originalHref="/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github">Uploading a SARIF file to GitHub</a>."</p></div></div></div></div></div></main><footer data-container="footer"><section class="container-xl mt-lg-8 mt-6 px-3 px-md-6 no-print mx-auto"><h2 class="f3">Help and support</h2><div class="container-xl mx-auto py-6 py-lg-6 clearfix border-top border-color-secondary"><div class="float-left pr-4 mb-6 mb-xl-0 col-12 col-lg-6 col-xl-3"><form class="f5" data-testid="survey-form" aria-live="polite"><h3 id="survey-title" class="f4 mb-3">Did you find what you needed?</h3><input type="text" class="d-none" name="survey-token" value=""/><div class="mb-2" role="radiogroup" aria-labelledby="survey-title"><input class="Survey_visuallyHidden__Xh_nl Survey_customRadio__aNqUl" id="survey-yes" type="radio" name="survey-vote" aria-label="Yes" value="Y"/><label class="btn mr-1" for="survey-yes"><svg aria-hidden="true" focusable="false" class="color-fg-muted" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M8.834.066c.763.087 1.5.295 2.01.884.505.581.656 1.378.656 2.3 0 .467-.087 1.119-.157 1.637L11.328 5h1.422c.603 0 1.174.085 1.668.333.508.254.911.679 1.137 1.2.453.998.438 2.447.188 4.316l-.04.306c-.105.79-.195 1.473-.313 2.033-.131.63-.315 1.209-.668 1.672C13.97 15.847 12.706 16 11 16c-1.848 0-3.234-.333-4.388-.653-.165-.045-.323-.09-.475-.133-.658-.186-1.2-.34-1.725-.415A1.75 1.75 0 0 1 2.75 16h-1A1.75 1.75 0 0 1 0 14.25v-7.5C0 5.784.784 5 1.75 5h1a1.75 1.75 0 0 1 1.514.872c.258-.105.59-.268.918-.508C5.853 4.874 6.5 4.079 6.5 2.75v-.5c0-1.202.994-2.337 2.334-2.184ZM4.5 13.3c.705.088 1.39.284 2.072.478l.441.125c1.096.305 2.334.598 3.987.598 1.794 0 2.28-.223 2.528-.549.147-.193.276-.505.394-1.07.105-.502.188-1.124.295-1.93l.04-.3c.25-1.882.189-2.933-.068-3.497a.921.921 0 0 0-.442-.48c-.208-.104-.52-.174-.997-.174H11c-.686 0-1.295-.577-1.206-1.336.023-.192.05-.39.076-.586.065-.488.13-.97.13-1.328 0-.809-.144-1.15-.288-1.316-.137-.158-.402-.304-1.048-.378C8.357 1.521 8 1.793 8 2.25v.5c0 1.922-.978 3.128-1.933 3.825a5.831 5.831 0 0 1-1.567.81ZM2.75 6.5h-1a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h1a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z"></path></svg> <!-- -->Yes</label><input class="Survey_visuallyHidden__Xh_nl Survey_customRadio__aNqUl" id="survey-no" type="radio" name="survey-vote" aria-label="No" value="N"/><label class="btn" for="survey-no"><svg aria-hidden="true" focusable="false" class="color-fg-muted" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M7.083 15.986c-.763-.087-1.499-.295-2.011-.884-.504-.581-.655-1.378-.655-2.299 0-.468.087-1.12.157-1.638l.015-.112H3.167c-.603 0-1.174-.086-1.669-.334a2.415 2.415 0 0 1-1.136-1.2c-.454-.998-.438-2.447-.188-4.316l.04-.306C.32 4.108.41 3.424.526 2.864c.132-.63.316-1.209.669-1.672C1.947.205 3.211.053 4.917.053c1.848 0 3.234.332 4.388.652l.474.133c.658.187 1.201.341 1.726.415a1.75 1.75 0 0 1 1.662-1.2h1c.966 0 1.75.784 1.75 1.75v7.5a1.75 1.75 0 0 1-1.75 1.75h-1a1.75 1.75 0 0 1-1.514-.872c-.259.105-.59.268-.919.508-.671.491-1.317 1.285-1.317 2.614v.5c0 1.201-.994 2.336-2.334 2.183Zm4.334-13.232c-.706-.089-1.39-.284-2.072-.479l-.441-.125c-1.096-.304-2.335-.597-3.987-.597-1.794 0-2.28.222-2.529.548-.147.193-.275.505-.393 1.07-.105.502-.188 1.124-.295 1.93l-.04.3c-.25 1.882-.19 2.933.067 3.497a.923.923 0 0 0 .443.48c.208.104.52.175.997.175h1.75c.685 0 1.295.577 1.205 1.335-.022.192-.049.39-.075.586-.066.488-.13.97-.13 1.329 0 .808.144 1.15.288 1.316.137.157.401.303 1.048.377.307.035.664-.237.664-.693v-.5c0-1.922.978-3.127 1.932-3.825a5.878 5.878 0 0 1 1.568-.809Zm1.75 6.798h1a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25h-1a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25Z"></path></svg> <!-- -->No</label></div><a rel="" class="f6 text-underline" target="_blank" href="/en/site-policy/privacy-policies/github-privacy-statement">Privacy policy</a></form></div><div class="float-left pr-4 mb-6 mb-xl-0 col-12 col-lg-6 col-xl-4 offset-xl-1"><div class="f5 contribution"><h3 class="f4 mb-3">Help us make these docs great!</h3><p class="max-w-xs color-fg-muted mb-3">All GitHub docs are open source. See something that&#x27;s wrong or unclear? Submit a pull request.</p><a class="btn" href="https://github.com/github/docs/blob/main/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md"><svg aria-hidden="true" focusable="false" class="octicon mr-1" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M1.5 3.25a2.25 2.25 0 1 1 3 2.122v5.256a2.251 2.251 0 1 1-1.5 0V5.372A2.25 2.25 0 0 1 1.5 3.25Zm5.677-.177L9.573.677A.25.25 0 0 1 10 .854V2.5h1A2.5 2.5 0 0 1 13.5 5v5.628a2.251 2.251 0 1 1-1.5 0V5a1 1 0 0 0-1-1h-1v1.646a.25.25 0 0 1-.427.177L7.177 3.427a.25.25 0 0 1 0-.354ZM3.75 2.5a.75.75 0 1 0 0 1.5.75.75 0 0 0 0-1.5Zm0 9.5a.75.75 0 1 0 0 1.5.75.75 0 0 0 0-1.5Zm8.25.75a.75.75 0 1 0 1.5 0 .75.75 0 0 0-1.5 0Z"></path></svg>Make a contribution</a><p class="color-fg-muted f6 mt-2"><a class="text-underline" href="/contributing" target="_blank" rel="noopener">Learn how to contribute</a></p></div></div><div class="float-left pr-4 mb-6 mb-xl-0 col-12 col-lg-6 col-xl-3 offset-xl-1"><div><h3 class="mb-3 f4">Still need help?</h3><div class="mb-2"><a id="ask-community" href="https://github.com/orgs/community/discussions" class="text-underline"><svg aria-hidden="true" focusable="false" class="octicon mr-1" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M2 5.5a3.5 3.5 0 1 1 5.898 2.549 5.508 5.508 0 0 1 3.034 4.084.75.75 0 1 1-1.482.235 4 4 0 0 0-7.9 0 .75.75 0 0 1-1.482-.236A5.507 5.507 0 0 1 3.102 8.05 3.493 3.493 0 0 1 2 5.5ZM11 4a3.001 3.001 0 0 1 2.22 5.018 5.01 5.01 0 0 1 2.56 3.012.749.749 0 0 1-.885.954.752.752 0 0 1-.549-.514 3.507 3.507 0 0 0-2.522-2.372.75.75 0 0 1-.574-.73v-.352a.75.75 0 0 1 .416-.672A1.5 1.5 0 0 0 11 5.5.75.75 0 0 1 11 4Zm-5.5-.5a2 2 0 1 0-.001 3.999A2 2 0 0 0 5.5 3.5Z"></path></svg>Ask the GitHub community</a></div><div><a id="support" href="https://support.github.com" class="text-underline"><svg aria-hidden="true" focusable="false" class="octicon mr-1" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M1.75 1h8.5c.966 0 1.75.784 1.75 1.75v5.5A1.75 1.75 0 0 1 10.25 10H7.061l-2.574 2.573A1.458 1.458 0 0 1 2 11.543V10h-.25A1.75 1.75 0 0 1 0 8.25v-5.5C0 1.784.784 1 1.75 1ZM1.5 2.75v5.5c0 .138.112.25.25.25h1a.75.75 0 0 1 .75.75v2.19l2.72-2.72a.749.749 0 0 1 .53-.22h3.5a.25.25 0 0 0 .25-.25v-5.5a.25.25 0 0 0-.25-.25h-8.5a.25.25 0 0 0-.25.25Zm13 2a.25.25 0 0 0-.25-.25h-.5a.75.75 0 0 1 0-1.5h.5c.966 0 1.75.784 1.75 1.75v5.5A1.75 1.75 0 0 1 14.25 12H14v1.543a1.458 1.458 0 0 1-2.487 1.03L9.22 12.28a.749.749 0 0 1 .326-1.275.749.749 0 0 1 .734.215l2.22 2.22v-2.19a.75.75 0 0 1 .75-.75h1a.25.25 0 0 0 .25-.25Z"></path></svg>Contact support</a></div></div></div></div></section><section class="container-xl px-3 mt-6 pb-8 px-md-6 color-fg-muted"><h2 class="f4 mb-2 col-12">Legal</h2><ul class="d-flex flex-wrap list-style-none"><li class="mr-3">© <!-- -->2024<!-- --> GitHub, Inc.</li><li class="mr-3"><a class="text-underline" href="/en/site-policy/github-terms/github-terms-of-service">Terms</a></li><li class="mr-3"><a class="text-underline" href="/en/site-policy/privacy-policies/github-privacy-statement">Privacy</a></li><li class="mr-3"><a class="text-underline" href="https://www.githubstatus.com/">Status</a></li><li class="mr-3"><a class="text-underline" href="https://github.com/pricing">Pricing</a></li><li class="mr-3"><a class="text-underline" href="https://services.github.com">Expert services</a></li><li class="mr-3"><a class="text-underline" href="https://github.blog">Blog</a></li></ul></section><div role="tooltip" class="position-fixed bottom-0 mb-4 right-0 mr-4 z-1 ScrollButton_transition200__rLxBo ScrollButton_opacity0__vjKQD"><button class="ghd-scroll-to-top tooltipped tooltipped-n tooltipped-no-delay btn circle border-1 d-flex flex-items-center flex-justify-center ScrollButton_customFocus__L3FsX" style="width:40px;height:40px" aria-label="Scroll to top"><svg aria-hidden="true" focusable="false" class="octicon octicon-chevron-up" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path d="M3.22 10.53a.749.749 0 0 1 0-1.06l4.25-4.25a.749.749 0 0 1 1.06 0l4.25 4.25a.749.749 0 1 1-1.06 1.06L8 6.811 4.28 10.53a.749.749 0 0 1-1.06 0Z"></path></svg></button></div></footer></div></div><script type="application/json" id="__PRIMER_DATA_:R16:__">{"resolvedServerColorMode":"day"}</script></div><script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"mainContext":{"breadcrumbs":[{"href":"/en/code-security","title":"Code security"},{"href":"/en/code-security/code-scanning","title":"Code scanning"},{"href":"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning","title":"Create advanced setup"},{"href":"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning","title":"Customize advanced setup"}],"communityRedirect":{},"currentProduct":{"id":"code-security","name":"Code security","href":"/code-security","dir":"content/code-security","toc":"content/code-security/index.md","wip":false,"hidden":false,"versions":["free-pro-team@latest","enterprise-cloud@latest","enterprise-server@3.15","enterprise-server@3.14","enterprise-server@3.13","enterprise-server@3.12","enterprise-server@3.11","enterprise-server@3.10"]},"currentProductName":"Code security","isHomepageVersion":false,"error":"","data":{"ui":{"alerts":{"NOTE":"Note","IMPORTANT":"Important","WARNING":"Warning","TIP":"Tip","CAUTION":"Caution"},"header":{"github_docs":"GitHub Docs","contact":"Contact","notices":{"release_candidate":" is currently available as a \u003ca href=\"/admin/overview/about-upgrades-to-new-releases\"\u003erelease candidate\u003c/a\u003e.","early_access":"📣 Please \u003cb\u003edo not share\u003c/b\u003e this URL publicly. This page contains content about a private preview feature.","release_notes_use_latest":"Please use the latest release for the latest security, performance, and bug fixes.","ghes_release_notes_upgrade_patch_only":"📣 This is not the \u003ca href=\"#{{ latestPatch }}\"\u003elatest patch release\u003c/a\u003e of Enterprise Server.","ghes_release_notes_upgrade_release_only":"📣 This is not the \u003ca href=\"/enterprise-server@{{ latestRelease }}/admin/release-notes\"\u003elatest release\u003c/a\u003e of Enterprise Server.","ghes_release_notes_upgrade_patch_and_release":"📣 This is not the \u003ca href=\"#{{ latestPatch }}\"\u003elatest patch release\u003c/a\u003e of this release series, and this is not the \u003ca href=\"/enterprise-server@{{ latestRelease }}/admin/release-notes\"\u003elatest release\u003c/a\u003e of Enterprise Server."},"sign_up_cta":"Sign up","menu":"Menu","go_home":"Home"},"search":{"description":"Enter a search term to find it in the GitHub Docs.","placeholder":"Search GitHub Docs","label":"Search GitHub Docs"},"survey":{"able_to_find":"Did you find what you needed?","yes":"Yes","no":"No","cancel":"Cancel","additional_feedback":"Can you tell us more about your rating? (Optional)","optional":"Optional","required":"Required","email_label":"Leave your email if we can contact you. (Optional)","email_validation":"Please enter a valid email address","send":"Send","feedback":"Thank you! We received your feedback.","not_support":"If you need a reply, please contact \u003ca href=\"https://support.github.com/\"\u003esupport\u003c/a\u003e.","privacy_policy":"Privacy policy","server_error":"Unable to process comment at the moment. Please try again."},"toc":{"getting_started":"Getting started","popular":"Popular","startHere":"Start here","whats_new":"What's new","videos":"Videos","all_changelogs":"All changelog posts"},"meta":{"default_description":"Get started, troubleshoot, and make the most of GitHub. Documentation for new users, developers, administrators, and all of GitHub's products."},"scroll_button":{"scroll_to_top":"Scroll to top"},"pages":{"article_version":"Article version","miniToc":"In this article","all_enterprise_releases":"All Enterprise Server releases","about_versions":"About versions","permissions_callout_title":"Who can use this feature?","video_from_transcript":"See video for this transcript"},"picker":{"language_picker_label":"Language","product_picker_default_text":"All products","version_picker_default_text":"Choose a version"},"footer":{"support_heading":"Help and support","legal_heading":"Legal","imprint":"Imprint","terms":"Terms","privacy":"Privacy","status":"Status","pricing":"Pricing","expert_services":"Expert services","blog":"Blog"},"contribution_cta":{"title":"Help us make these docs great!","body":"All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.","button":"Make a contribution","to_guidelines":"Learn how to contribute"},"support":{"still_need_help":"Still need help?","contact_support":"Contact support","ask_community":"Ask the GitHub community"},"rest":{"banner":{"api_versioned":"The REST API is now versioned.","api_version_info":"For more information, see \"\u003ca href=\"{{ versionWithApiVersion }}/rest/overview/api-versions\"\u003eAbout API versioning\u003c/a\u003e.\"","ghes_api_versioned":"After a site administrator upgrades your Enterprise Server instance to {{ firstGhesReleaseWithApiVersions.versionTitle }} or later, the REST API will be versioned. To learn how to find your instance's version, see \"\u003ca href=\"/{{ currentVersion }}/get-started/learning-about-github/about-versions-of-github-docs#github-enterprise-server\"\u003eAbout versions of GitHub Docs\u003c/a\u003e\".","redirect_notice":"We've recently moved some of the REST API documentation.","redirect_repo":"If you can't find what you're looking for, you might try the new {{ newRestPagesLinks }} REST API pages.","redirect_enterprise":"If you can't find what you're looking for, you might try the {{ actionsPageLink }} REST API page.","actions_api_title":"Actions"},"versioning":{"about_versions":"About REST API versions"},"overview":{"permissions":{"access":"Access","endpoints":"Endpoint","tokens":"Token types","additionalPermissions":"Additional permissions","uat":"UAT","iat":"IAT"}},"screen_reader_text_checkmark_icon":"Multiple permissions are required, or a different permission may be used. For more information about the permissions, see the documentation for this endpoint."},"domain_edit":{"name":"Domain name","edit":"Edit","edit_your":"Edit your domain name","experimental":"Experimental","your_name":"Your domain name","cancel":"Cancel","save":"Save","snippet_about":"Updating will include the new domain name in all code snippets across GitHub Docs.","learn_more":"Learn more","submission_failed":"Submission failed. Please try again in a minute."},"popovers":{"role_description":"hovercard link"}},"reusables":{},"variables":{"release_candidate":{"version":"enterprise-server@3.15"}}},"currentCategory":"code-scanning","currentPathWithoutLanguage":"/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning","page":{"documentType":"article","type":"how_to","title":"Customizing your advanced setup for code scanning","fullTitle":"Customizing your advanced setup for code scanning - GitHub Docs","topics":["Advanced Security","Code scanning","Actions","Repositories","Pull requests","JavaScript","Python"],"introPlainText":"You can customize how your advanced setup scans the code in your project for vulnerabilities and errors.","applicableVersions":["free-pro-team@latest","enterprise-cloud@latest","enterprise-server@3.15","enterprise-server@3.14","enterprise-server@3.13","enterprise-server@3.12","enterprise-server@3.11","enterprise-server@3.10"],"hidden":false,"noEarlyAccessBanner":false},"enterpriseServerReleases":{"isOldestReleaseDeprecated":true,"oldestSupported":"3.10","nextDeprecationDate":"2024-09-25","supported":["3.15","3.14","3.13","3.12","3.11","3.10"]},"enterpriseServerVersions":["enterprise-server@3.15","enterprise-server@3.14","enterprise-server@3.13","enterprise-server@3.12","enterprise-server@3.11","enterprise-server@3.10"],"allVersions":{"free-pro-team@latest":{"version":"free-pro-team@latest","versionTitle":"Free, Pro, \u0026 Team","apiVersions":["2022-11-28"],"latestApiVersion":"2022-11-28"},"enterprise-cloud@latest":{"version":"enterprise-cloud@latest","versionTitle":"Enterprise Cloud","apiVersions":["2022-11-28"],"latestApiVersion":"2022-11-28"},"enterprise-server@3.15":{"version":"enterprise-server@3.15","versionTitle":"Enterprise Server 3.15","apiVersions":["2022-11-28"],"latestApiVersion":"2022-11-28","isGHES":true},"enterprise-server@3.14":{"version":"enterprise-server@3.14","versionTitle":"Enterprise Server 3.14","apiVersions":["2022-11-28"],"latestApiVersion":"2022-11-28","isGHES":true},"enterprise-server@3.13":{"version":"enterprise-server@3.13","versionTitle":"Enterprise Server 3.13","apiVersions":["2022-11-28"],"latestApiVersion":"2022-11-28","isGHES":true},"enterprise-server@3.12":{"version":"enterprise-server@3.12","versionTitle":"Enterprise Server 3.12","apiVersions":["2022-11-28"],"latestApiVersion":"2022-11-28","isGHES":true},"enterprise-server@3.11":{"version":"enterprise-server@3.11","versionTitle":"Enterprise Server 3.11","apiVersions":["2022-11-28"],"latestApiVersion":"2022-11-28","isGHES":true},"enterprise-server@3.10":{"version":"enterprise-server@3.10","versionTitle":"Enterprise Server 3.10","apiVersions":["2022-11-28"],"latestApiVersion":"2022-11-28","isGHES":true}},"currentVersion":"free-pro-team@latest","currentProductTree":null,"sidebarTree":{"href":"/en/code-security","title":"Code security","childPages":[{"href":"/en/code-security/getting-started","title":"Getting started","childPages":[{"href":"/en/code-security/getting-started/github-security-features","title":"GitHub security features","childPages":[]},{"href":"/en/code-security/getting-started/dependabot-quickstart-guide","title":"Dependabot quickstart","childPages":[]},{"href":"/en/code-security/getting-started/quickstart-for-securing-your-repository","title":"Secure repository quickstart","childPages":[]},{"href":"/en/code-security/getting-started/adding-a-security-policy-to-your-repository","title":"Add a security policy","childPages":[]},{"href":"/en/code-security/getting-started/auditing-security-alerts","title":"Audit security alerts","childPages":[]},{"href":"/en/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization","title":"Prevent data leaks","childPages":[]}]},{"href":"/en/code-security/securing-your-organization","title":"Secure your organization","childPages":[{"href":"/en/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale","title":"Introduction","childPages":[{"href":"/en/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale","title":"About organization security","childPages":[]},{"href":"/en/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories","title":"Choose security configuration","childPages":[]}]},{"href":"/en/code-security/securing-your-organization/enabling-security-features-in-your-organization","title":"Enable security features","childPages":[{"href":"/en/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization","title":"Apply recommended configuration","childPages":[]},{"href":"/en/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration","title":"Create custom configuration","childPages":[]},{"href":"/en/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration","title":"Apply custom configuration","childPages":[]},{"href":"/en/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization","title":"Configure global settings","childPages":[]}]},{"href":"/en/code-security/securing-your-organization/managing-the-security-of-your-organization","title":"Manage organization security","childPages":[{"href":"/en/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings","title":"Interpret security data","childPages":[]},{"href":"/en/code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table","title":"Filter repositories","childPages":[]},{"href":"/en/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration","title":"Edit custom configuration","childPages":[]},{"href":"/en/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage","title":"Manage GHAS licenses","childPages":[]},{"href":"/en/code-security/securing-your-organization/managing-the-security-of-your-organization/detaching-repositories-from-their-security-configurations","title":"Detach security configuration","childPages":[]},{"href":"/en/code-security/securing-your-organization/managing-the-security-of-your-organization/finding-repositories-with-attachment-failures","title":"Find attachment failures","childPages":[]},{"href":"/en/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration","title":"Delete custom configuration","childPages":[]}]},{"href":"/en/code-security/securing-your-organization/troubleshooting-security-configurations","title":"Troubleshooting configurations","childPages":[{"href":"/en/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning","title":"Active advanced setup","childPages":[]},{"href":"/en/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses","title":"Not enough GHAS licenses","childPages":[]}]}]},{"href":"/en/code-security/secret-scanning","title":"Secret scanning","childPages":[{"href":"/en/code-security/secret-scanning/introduction","title":"Introduction","childPages":[{"href":"/en/code-security/secret-scanning/introduction/about-secret-scanning","title":"Secret scanning","childPages":[]},{"href":"/en/code-security/secret-scanning/introduction/about-push-protection","title":"Push protection","childPages":[]},{"href":"/en/code-security/secret-scanning/introduction/about-secret-scanning-for-partners","title":"Secret scanning for partners","childPages":[]},{"href":"/en/code-security/secret-scanning/introduction/supported-secret-scanning-patterns","title":"Supported patterns","childPages":[]}]},{"href":"/en/code-security/secret-scanning/enabling-secret-scanning-features","title":"Enable features","childPages":[{"href":"/en/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository","title":"Enable secret scanning","childPages":[]},{"href":"/en/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository","title":"Enable push protection","childPages":[]}]},{"href":"/en/code-security/secret-scanning/managing-alerts-from-secret-scanning","title":"Manage alerts","childPages":[{"href":"/en/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts","title":"About alerts","childPages":[]},{"href":"/en/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts","title":"View alerts","childPages":[]},{"href":"/en/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts","title":"Evaluate alerts","childPages":[]},{"href":"/en/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts","title":"Resolve alerts","childPages":[]},{"href":"/en/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts","title":"Monitor alerts","childPages":[]}]},{"href":"/en/code-security/secret-scanning/working-with-secret-scanning-and-push-protection","title":"Work with secret scanning","childPages":[{"href":"/en/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users","title":"Push protection for users","childPages":[]},{"href":"/en/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line","title":"Push protection on the command line","childPages":[]},{"href":"/en/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api","title":"Push protection from the REST API","childPages":[]},{"href":"/en/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui","title":"Push protection in the GitHub UI","childPages":[]}]},{"href":"/en/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features","title":"Advanced features","childPages":[{"href":"/en/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning","title":"Exclude folders and files","childPages":[]}]},{"href":"/en/code-security/secret-scanning/copilot-secret-scanning","title":"Copilot secret scanning","childPages":[{"href":"/en/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets","title":"Generic secret detection","childPages":[]},{"href":"/en/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-regex-generator","title":"Generate regular expressions with AI","childPages":[]}]},{"href":"/en/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection","title":"Troubleshoot","childPages":[{"href":"/en/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning","title":"Troubleshoot secret scanning","childPages":[]}]},{"href":"/en/code-security/secret-scanning/secret-scanning-partnership-program","title":"Partner program","childPages":[{"href":"/en/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program","title":"Partner program","childPages":[]}]}]},{"href":"/en/code-security/code-scanning","title":"Code scanning","childPages":[{"href":"/en/code-security/code-scanning/introduction-to-code-scanning","title":"Introduction","childPages":[{"href":"/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning","title":"About code scanning","childPages":[]},{"href":"/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql","title":"About CodeQL code scanning","childPages":[]}]},{"href":"/en/code-security/code-scanning/enabling-code-scanning","title":"Enable code scanning","childPages":[{"href":"/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning","title":"Configure code scanning","childPages":[]},{"href":"/en/code-security/code-scanning/enabling-code-scanning/evaluating-default-setup-for-code-scanning","title":"Evaluate code scanning","childPages":[]},{"href":"/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale","title":"Code scanning at scale","childPages":[]}]},{"href":"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning","title":"Create advanced setup","childPages":[{"href":"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning","title":"Configure advanced setup","childPages":[]},{"href":"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning","title":"Customize advanced setup","childPages":[]},{"href":"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages","title":"CodeQL for compiled languages","childPages":[]},{"href":"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale","title":"CodeQL advanced setup at scale","childPages":[]},{"href":"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql","title":"Hardware resources for CodeQL","childPages":[]},{"href":"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/running-codeql-code-scanning-in-a-container","title":"Code scanning in a container","childPages":[]}]},{"href":"/en/code-security/code-scanning/managing-code-scanning-alerts","title":"Manage alerts","childPages":[{"href":"/en/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts","title":"About code scanning alerts","childPages":[]},{"href":"/en/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning","title":"Copilot Autofix for code scanning","childPages":[]},{"href":"/en/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning","title":"Disable Copilot Autofix","childPages":[]},{"href":"/en/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository","title":"Assess alerts","childPages":[]},{"href":"/en/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts","title":"Resolve alerts","childPages":[]},{"href":"/en/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests","title":"Triage alerts in pull requests","childPages":[]},{"href":"/en/code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists","title":"Track alerts in issues","childPages":[]}]},{"href":"/en/code-security/code-scanning/managing-your-code-scanning-configuration","title":"Manage code scanning","childPages":[{"href":"/en/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page","title":"Code scanning tool status","childPages":[]},{"href":"/en/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup","title":"Edit default setup","childPages":[]},{"href":"/en/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection","title":"Set merge protection","childPages":[]},{"href":"/en/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites","title":"CodeQL query suites","childPages":[]},{"href":"/en/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup","title":"Configure larger runners","childPages":[]},{"href":"/en/code-security/code-scanning/managing-your-code-scanning-configuration/viewing-code-scanning-logs","title":"View code scanning logs","childPages":[]},{"href":"/en/code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries","title":"C and C++ CodeQL queries","childPages":[]},{"href":"/en/code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries","title":"C# CodeQL queries","childPages":[]},{"href":"/en/code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries","title":"Go CodeQL queries","childPages":[]},{"href":"/en/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries","title":"Java and Kotlin CodeQL queries","childPages":[]},{"href":"/en/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries","title":"JavaScript and TypeScript queries","childPages":[]},{"href":"/en/code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries","title":"Python CodeQL queries","childPages":[]},{"href":"/en/code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries","title":"Ruby CodeQL queries","childPages":[]},{"href":"/en/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries","title":"Swift CodeQL queries","childPages":[]}]},{"href":"/en/code-security/code-scanning/integrating-with-code-scanning","title":"Integrate with code scanning","childPages":[{"href":"/en/code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning","title":"About integration","childPages":[]},{"href":"/en/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system","title":"Using code scanning with your existing CI system","childPages":[]},{"href":"/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github","title":"Upload a SARIF file","childPages":[]},{"href":"/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning","title":"SARIF support","childPages":[]}]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning","title":"Troubleshooting code scanning","childPages":[{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/advanced-security-must-be-enabled","title":"Advanced Security must be enabled","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/alerts-in-generated-code","title":"Alerts in generated code","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/analysis-takes-too-long","title":"Analysis takes too long","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed","title":"Automatic build failed","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/c-sharp-compiler-unexpectedly-failing","title":"C# compiler failing","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/cannot-enable-codeql-in-a-private-repository","title":"Cannot enable CodeQL in a private repository","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/enabling-default-setup-takes-too-long","title":"Enabling default setup takes too long","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/extraction-errors-in-the-database","title":"Extraction errors in the database","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/fewer-lines-scanned-than-expected","title":"Fewer lines scanned than expected","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/logs-not-detailed-enough","title":"Logs not detailed enough","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/no-source-code-seen-during-build","title":"No source code seen during build","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/not-recognized","title":"Not recognized","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/out-of-disk-or-memory","title":"Out of disk or memory","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/resource-not-accessible","title":"Resource not accessible","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/results-different-than-expected","title":"Results different than expected","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/server-error","title":"Server error","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/some-languages-not-analyzed","title":"Some languages not analyzed","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/two-codeql-workflows","title":"Two CodeQL workflows","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/unclear-what-triggered-a-workflow","title":"Unclear what triggered a workflow","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/unnecessary-step-found","title":"Unnecessary step found","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-code-scanning/kotlin-detected-in-no-build","title":"Kotlin detected in no build","childPages":[]}]},{"href":"/en/code-security/code-scanning/troubleshooting-sarif-uploads","title":"Troubleshooting SARIF uploads","childPages":[{"href":"/en/code-security/code-scanning/troubleshooting-sarif-uploads/ghas-required","title":"GitHub Advanced Security disabled","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-sarif-uploads/default-setup-enabled","title":"Default setup is enabled","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-sarif-uploads/missing-token","title":"GitHub token missing","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-sarif-uploads/sarif-invalid","title":"SARIF file invalid","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-sarif-uploads/file-too-large","title":"Results file too large","childPages":[]},{"href":"/en/code-security/code-scanning/troubleshooting-sarif-uploads/results-exceed-limit","title":"Results exceed limits","childPages":[]}]}]},{"href":"/en/code-security/codeql-cli","title":"CodeQL CLI","childPages":[{"href":"/en/code-security/codeql-cli/getting-started-with-the-codeql-cli","title":"Getting started","childPages":[{"href":"/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli","title":"About the CodeQL CLI","childPages":[]},{"href":"/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/setting-up-the-codeql-cli","title":"Setting up the CodeQL CLI","childPages":[]},{"href":"/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis","title":"Preparing code for analysis","childPages":[]},{"href":"/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries","title":"Analyzing code","childPages":[]},{"href":"/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github","title":"Uploading results to GitHub","childPages":[]},{"href":"/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs","title":"Customizing analysis","childPages":[]}]},{"href":"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli","title":"Advanced functionality","childPages":[{"href":"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/advanced-setup-of-the-codeql-cli","title":"Advanced setup of the CodeQL CLI","childPages":[]},{"href":"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/about-codeql-workspaces","title":"About CodeQL workspaces","childPages":[]},{"href":"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli","title":"Using custom queries with the CodeQL CLI","childPages":[]},{"href":"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites","title":"Creating CodeQL query suites","childPages":[]},{"href":"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-custom-queries","title":"Testing custom queries","childPages":[]},{"href":"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-query-help-files","title":"Testing query help files","childPages":[]},{"href":"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs","title":"Creating and working with CodeQL packs","childPages":[]},{"href":"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs","title":"Publishing and using CodeQL packs","childPages":[]},{"href":"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/specifying-command-options-in-a-codeql-configuration-file","title":"Specifying command options in a CodeQL configuration file","childPages":[]},{"href":"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/query-reference-files","title":"Query reference files","childPages":[]},{"href":"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/sarif-output","title":"CodeQL CLI SARIF output","childPages":[]},{"href":"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/csv-output","title":"CodeQL CLI CSV output","childPages":[]},{"href":"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/extractor-options","title":"Extractor options","childPages":[]},{"href":"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/exit-codes","title":"Exit codes","childPages":[]}]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual","title":"CodeQL CLI manual","childPages":[{"href":"/en/code-security/codeql-cli/codeql-cli-manual/bqrs-decode","title":"bqrs decode","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/bqrs-diff","title":"bqrs diff","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/bqrs-hash","title":"bqrs hash","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/bqrs-info","title":"bqrs info","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/bqrs-interpret","title":"bqrs interpret","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-add-diagnostic","title":"database add-diagnostic","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-analyze","title":"database analyze","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-bundle","title":"database bundle","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-cleanup","title":"database cleanup","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-create","title":"database create","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-export-diagnostics","title":"database export-diagnostics","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-finalize","title":"database finalize","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-import","title":"database import","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-index-files","title":"database index-files","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-init","title":"database init","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-interpret-results","title":"database interpret-results","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-print-baseline","title":"database print-baseline","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-run-queries","title":"database run-queries","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-trace-command","title":"database trace-command","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-unbundle","title":"database unbundle","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/database-upgrade","title":"database upgrade","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/dataset-check","title":"dataset check","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/dataset-cleanup","title":"dataset cleanup","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/dataset-import","title":"dataset import","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/dataset-measure","title":"dataset measure","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/dataset-upgrade","title":"dataset upgrade","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/diagnostic-add","title":"diagnostic add","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/diagnostic-export","title":"diagnostic export","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/execute-cli-server","title":"execute cli-server","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/execute-language-server","title":"execute language-server","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/execute-queries","title":"execute queries","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/execute-query-server","title":"execute query-server","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/execute-query-server2","title":"execute query-server2","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/execute-upgrades","title":"execute upgrades","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/generate-extensible-predicate-metadata","title":"generate extensible-predicate-metadata","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/generate-log-summary","title":"generate log-summary","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/generate-query-help","title":"generate query-help","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/github-merge-results","title":"github merge-results","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/github-upload-results","title":"github upload-results","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/pack-add","title":"pack add","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/pack-bundle","title":"pack bundle","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/pack-ci","title":"pack ci","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/pack-create","title":"pack create","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/pack-download","title":"pack download","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/pack-init","title":"pack init","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/pack-install","title":"pack install","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/pack-ls","title":"pack ls","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/pack-packlist","title":"pack packlist","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/pack-publish","title":"pack publish","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/pack-resolve-dependencies","title":"pack resolve-dependencies","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/pack-upgrade","title":"pack upgrade","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/query-compile","title":"query compile","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/query-decompile","title":"query decompile","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/query-format","title":"query format","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/query-run","title":"query run","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-database","title":"resolve database","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-extensions","title":"resolve extensions","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-extensions-by-pack","title":"resolve extensions-by-pack","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-extractor","title":"resolve extractor","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-files","title":"resolve files","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-languages","title":"resolve languages","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-library-path","title":"resolve library-path","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-metadata","title":"resolve metadata","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-ml-models","title":"resolve ml-models","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-packs","title":"resolve packs","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-qlpacks","title":"resolve qlpacks","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-qlref","title":"resolve qlref","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-queries","title":"resolve queries","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-ram","title":"resolve ram","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-tests","title":"resolve tests","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/resolve-upgrades","title":"resolve upgrades","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/test-accept","title":"test accept","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/test-extract","title":"test extract","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/test-run","title":"test run","childPages":[]},{"href":"/en/code-security/codeql-cli/codeql-cli-manual/version","title":"version","childPages":[]}]}]},{"href":"/en/code-security/codeql-for-vs-code","title":"CodeQL for VS Code","childPages":[{"href":"/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code","title":"Getting started","childPages":[{"href":"/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/about-codeql-for-vs-code","title":"About the extension","childPages":[]},{"href":"/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code","title":"Extension installation","childPages":[]},{"href":"/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/managing-codeql-databases","title":"Manage CodeQL databases","childPages":[]},{"href":"/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries","title":"Run CodeQL queries","childPages":[]},{"href":"/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/exploring-data-flow-with-path-queries","title":"Explore data flow","childPages":[]},{"href":"/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis","title":"Queries at scale","childPages":[]}]},{"href":"/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension","title":"Advanced functionality","childPages":[{"href":"/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor","title":"CodeQL model editor","childPages":[]},{"href":"/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/creating-a-custom-query","title":"Custom query creation","childPages":[]},{"href":"/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/managing-codeql-packs","title":"Manage CodeQL packs","childPages":[]},{"href":"/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code","title":"Explore code structure","childPages":[]},{"href":"/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/testing-codeql-queries-in-vs-code","title":"Test CodeQL queries","childPages":[]},{"href":"/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/customizing-settings","title":"Customize settings","childPages":[]},{"href":"/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/setting-up-a-codeql-workspace","title":"CodeQL workspace setup","childPages":[]},{"href":"/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/configuring-access-to-the-codeql-cli","title":"CodeQL CLI access","childPages":[]},{"href":"/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/telemetry-in-codeql-for-visual-studio-code","title":"Telemetry","childPages":[]}]},{"href":"/en/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code","title":"Troubleshooting CodeQL for VS Code","childPages":[{"href":"/en/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/accessing-logs","title":"Access logs","childPages":[]},{"href":"/en/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/warning-problem-with-controller-repository","title":"Problem with controller repository","childPages":[]}]}]},{"href":"/en/code-security/security-advisories","title":"Security advisories","childPages":[{"href":"/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database","title":"Global security advisories","childPages":[{"href":"/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database","title":"About the GitHub Advisory database","childPages":[]},{"href":"/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-global-security-advisories","title":"About global security advisories","childPages":[]},{"href":"/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database","title":"Browse Advisory Database","childPages":[]},{"href":"/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database","title":"Edit Advisory Database","childPages":[]}]},{"href":"/en/code-security/security-advisories/working-with-repository-security-advisories","title":"Repository security advisories","childPages":[{"href":"/en/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories","title":"About repository security advisories","childPages":[]},{"href":"/en/code-security/security-advisories/working-with-repository-security-advisories/permission-levels-for-repository-security-advisories","title":"Permission levels","childPages":[]},{"href":"/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository","title":"Configure for a repository","childPages":[]},{"href":"/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization","title":"Configure for an organization","childPages":[]},{"href":"/en/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory","title":"Create repository advisories","childPages":[]},{"href":"/en/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory","title":"Edit repository advisories","childPages":[]},{"href":"/en/code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository","title":"Evaluate repository security","childPages":[]},{"href":"/en/code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability","title":"Temporary private forks","childPages":[]},{"href":"/en/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory","title":"Publish repository advisories","childPages":[]},{"href":"/en/code-security/security-advisories/working-with-repository-security-advisories/adding-a-collaborator-to-a-repository-security-advisory","title":"Add collaborators","childPages":[]},{"href":"/en/code-security/security-advisories/working-with-repository-security-advisories/removing-a-collaborator-from-a-repository-security-advisory","title":"Remove collaborators","childPages":[]},{"href":"/en/code-security/security-advisories/working-with-repository-security-advisories/deleting-a-repository-security-advisory","title":"Delete repository advisories","childPages":[]}]},{"href":"/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities","title":"Guidance on reporting and writing","childPages":[{"href":"/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities","title":"Coordinated disclosure","childPages":[]},{"href":"/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories","title":"Best practices","childPages":[]},{"href":"/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability","title":"Privately reporting","childPages":[]},{"href":"/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-privately-reported-security-vulnerabilities","title":"Manage vulnerability reports","childPages":[]}]}]},{"href":"/en/code-security/supply-chain-security","title":"Supply chain security","childPages":[{"href":"/en/code-security/supply-chain-security/understanding-your-software-supply-chain","title":"Understand your supply chain","childPages":[{"href":"/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security","title":"Supply chain security","childPages":[]},{"href":"/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph","title":"Dependency graph","childPages":[]},{"href":"/en/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems","title":"Dependency graph ecosystem support","childPages":[]},{"href":"/en/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph","title":"Configure dependency graph","childPages":[]},{"href":"/en/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository","title":"Automatic dependency submission","childPages":[]},{"href":"/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository","title":"Export dependencies as SBOM","childPages":[]},{"href":"/en/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api","title":"Dependency submission API","childPages":[]},{"href":"/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review","title":"Dependency review","childPages":[]},{"href":"/en/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review","title":"Configure dependency review","childPages":[]},{"href":"/en/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration","title":"Customize dependency review","childPages":[]},{"href":"/en/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization","title":"Enforce dependency review","childPages":[]},{"href":"/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository","title":"Explore dependencies","childPages":[]},{"href":"/en/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph","title":"Troubleshoot dependency graph","childPages":[]}]},{"href":"/en/code-security/supply-chain-security/end-to-end-supply-chain","title":"End-to-end supply chain","childPages":[{"href":"/en/code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview","title":"Overview","childPages":[]},{"href":"/en/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts","title":"Securing accounts","childPages":[]},{"href":"/en/code-security/supply-chain-security/end-to-end-supply-chain/securing-code","title":"Securing code","childPages":[]},{"href":"/en/code-security/supply-chain-security/end-to-end-supply-chain/securing-builds","title":"Securing builds","childPages":[]}]}]},{"href":"/en/code-security/dependabot","title":"Dependabot","childPages":[{"href":"/en/code-security/dependabot/ecosystems-supported-by-dependabot","title":"Dependabot ecosystems","childPages":[{"href":"/en/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories","title":"Dependabot ecosystem support","childPages":[]},{"href":"/en/code-security/dependabot/ecosystems-supported-by-dependabot/optimizing-java-packages-dependabot","title":"Optimize Java packages","childPages":[]}]},{"href":"/en/code-security/dependabot/dependabot-alerts","title":"Dependabot alerts","childPages":[{"href":"/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts","title":"Dependabot alerts","childPages":[]},{"href":"/en/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts","title":"Configure Dependabot alerts","childPages":[]},{"href":"/en/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts","title":"View Dependabot alerts","childPages":[]},{"href":"/en/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts","title":"Configure notifications","childPages":[]}]},{"href":"/en/code-security/dependabot/dependabot-auto-triage-rules","title":"Dependabot auto-triage rules","childPages":[{"href":"/en/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules","title":"About auto-triage rules","childPages":[]},{"href":"/en/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts","title":"GitHub preset rules","childPages":[]},{"href":"/en/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts","title":"Custom auto-triage rules","childPages":[]},{"href":"/en/code-security/dependabot/dependabot-auto-triage-rules/managing-automatically-dismissed-alerts","title":"Manage auto-dismissed alerts","childPages":[]}]},{"href":"/en/code-security/dependabot/dependabot-security-updates","title":"Dependabot security updates","childPages":[{"href":"/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates","title":"Dependabot security updates","childPages":[]},{"href":"/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates","title":"Configure security updates","childPages":[]}]},{"href":"/en/code-security/dependabot/dependabot-version-updates","title":"Dependabot version updates","childPages":[{"href":"/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates","title":"Dependabot version updates","childPages":[]},{"href":"/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates","title":"Configure version updates","childPages":[]},{"href":"/en/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates","title":"List configured dependencies","childPages":[]},{"href":"/en/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates","title":"Customize updates","childPages":[]},{"href":"/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file","title":"Configure dependabot.yml","childPages":[]}]},{"href":"/en/code-security/dependabot/working-with-dependabot","title":"Work with Dependabot","childPages":[{"href":"/en/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates","title":"Manage Dependabot PRs","childPages":[]},{"href":"/en/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners","title":"About Dependabot on Actions","childPages":[]},{"href":"/en/code-security/dependabot/working-with-dependabot/managing-dependabot-on-self-hosted-runners","title":"Manage Dependabot on self-hosted runners","childPages":[]},{"href":"/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions","title":"Use Dependabot with Actions","childPages":[]},{"href":"/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot","title":"Auto-update actions","childPages":[]},{"href":"/en/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot","title":"Configure access to private registries","childPages":[]},{"href":"/en/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot","title":"Guidance for configuring private registries","childPages":[]},{"href":"/en/code-security/dependabot/working-with-dependabot/removing-dependabot-access-to-public-registries","title":"Remove access to public registries","childPages":[]},{"href":"/en/code-security/dependabot/working-with-dependabot/viewing-dependabot-job-logs","title":"Viewing Dependabot logs","childPages":[]},{"href":"/en/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies","title":"Troubleshoot vulnerability detection","childPages":[]},{"href":"/en/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors","title":"Troubleshoot errors","childPages":[]},{"href":"/en/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-on-github-actions","title":"Troubleshoot Dependabot on Actions","childPages":[]}]}]},{"href":"/en/code-security/security-overview","title":"Security overview","childPages":[{"href":"/en/code-security/security-overview/about-security-overview","title":"About security overview","childPages":[]}]}]},"featureFlags":{},"nonEnterpriseDefaultVersion":"free-pro-team@latest","status":200,"fullUrl":"https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning","currentLayoutName":"default","relativePath":"code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md"},"articleContext":{"title":"Customizing your advanced setup for code scanning","intro":"\u003cp\u003eYou can customize how your advanced setup scans the code in your project for vulnerabilities and errors.\u003c/p\u003e","effectiveDate":"","renderedPage":"\u003ch2 id=\"about-code-scanning-configuration\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#about-code-scanning-configuration\"\u003eAbout code scanning configuration\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h2\u003e\n\u003cp\u003eYou can run code scanning on GitHub, using GitHub Actions, or from your continuous integration (CI) system. For more information, see \"\u003ca href=\"/en/actions/learn-github-actions\" _originalHref=\"/actions/learn-github-actions\"\u003eWriting workflows\u003c/a\u003e\" or \"\u003ca href=\"/en/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system\" _originalHref=\"/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system\"\u003eUsing code scanning with your existing CI system\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eWith advanced setup for code scanning, you can customize a code scanning workflow for granular control over your configuration. For more information, see \"\u003ca href=\"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning\" _originalHref=\"/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning\"\u003eConfiguring advanced setup for code scanning\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eCodeQL analysis is just one type of code scanning you can do in GitHub. GitHub Marketplace contains other code scanning workflows you can use. You can find a selection of these on the \"Get started with code scanning\" page, which you can access from the \u003cstrong\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-shield\" aria-hidden=\"true\"\u003e\u003cpath d=\"M7.467.133a1.748 1.748 0 0 1 1.066 0l5.25 1.68A1.75 1.75 0 0 1 15 3.48V7c0 1.566-.32 3.182-1.303 4.682-.983 1.498-2.585 2.813-5.032 3.855a1.697 1.697 0 0 1-1.33 0c-2.447-1.042-4.049-2.357-5.032-3.855C1.32 10.182 1 8.566 1 7V3.48a1.75 1.75 0 0 1 1.217-1.667Zm.61 1.429a.25.25 0 0 0-.153 0l-5.25 1.68a.25.25 0 0 0-.174.238V7c0 1.358.275 2.666 1.057 3.86.784 1.194 2.121 2.34 4.366 3.297a.196.196 0 0 0 .154 0c2.245-.956 3.582-2.104 4.366-3.298C13.225 9.666 13.5 8.36 13.5 7V3.48a.251.251 0 0 0-.174-.237l-5.25-1.68ZM8.75 4.75v3a.75.75 0 0 1-1.5 0v-3a.75.75 0 0 1 1.5 0ZM9 10.5a1 1 0 1 1-2 0 1 1 0 0 1 2 0Z\"\u003e\u003c/path\u003e\u003c/svg\u003e Security\u003c/strong\u003e tab. The specific examples given in this article relate to the CodeQL analysis workflow file.\u003c/p\u003e\n\u003ch2 id=\"editing-a-code-scanning-workflow\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#editing-a-code-scanning-workflow\"\u003eEditing a code scanning workflow\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h2\u003e\n\u003cp\u003eGitHub saves workflow files in the \u003cem\u003e.github/workflows\u003c/em\u003e directory of your repository. You can find a workflow you have added by searching for its file name. For example, by default, the workflow file for CodeQL code scanning is called \u003cem\u003ecodeql-analysis.yml\u003c/em\u003e.\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eIn your repository, browse to the workflow file you want to edit.\u003c/li\u003e\n\u003cli\u003eIn the upper right corner of the file view, to open the workflow editor, click \u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-pencil\" aria-label=\"Edit file\" role=\"img\"\u003e\u003cpath d=\"M11.013 1.427a1.75 1.75 0 0 1 2.474 0l1.086 1.086a1.75 1.75 0 0 1 0 2.474l-8.61 8.61c-.21.21-.47.364-.756.445l-3.251.93a.75.75 0 0 1-.927-.928l.929-3.25c.081-.286.235-.547.445-.758l8.61-8.61Zm.176 4.823L9.75 4.81l-6.286 6.287a.253.253 0 0 0-.064.108l-.558 1.953 1.953-.558a.253.253 0 0 0 .108-.064Zm1.238-3.763a.25.25 0 0 0-.354 0L10.811 3.75l1.439 1.44 1.263-1.263a.25.25 0 0 0 0-.354Z\"\u003e\u003c/path\u003e\u003c/svg\u003e.\u003c/li\u003e\n\u003cli\u003eAfter you have edited the file, click \u003cstrong\u003eStart commit\u003c/strong\u003e and complete the \"Commit changes\" form. You can choose to commit directly to the current branch, or create a new branch and start a pull request.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eFor more information about editing workflow files, see \"\u003ca href=\"/en/actions/learn-github-actions\" _originalHref=\"/actions/learn-github-actions\"\u003eWriting workflows\u003c/a\u003e.\"\u003c/p\u003e\n\u003ch2 id=\"configuring-frequency\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#configuring-frequency\"\u003eConfiguring frequency\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h2\u003e\n\u003cp\u003eYou can configure the CodeQL analysis workflow to scan code on a schedule or when specific events occur in a repository.\u003c/p\u003e\n\u003cp\u003eScanning code when someone pushes a change, and whenever a pull request is created, prevents developers from introducing new vulnerabilities and errors into the code. Scanning code on a schedule informs you about the latest vulnerabilities and errors that GitHub, security researchers, and the community discover, even when developers aren't actively maintaining the repository.\u003c/p\u003e\n\u003ch3 id=\"scanning-on-push\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#scanning-on-push\"\u003eScanning on push\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eBy default, the CodeQL analysis workflow uses the \u003ccode\u003eon:push\u003c/code\u003e event to trigger a code scan on every push to the default branch of the repository and any protected branches. For code scanning to be triggered on a specified branch, the workflow must exist in that branch. For more information, see \"\u003ca href=\"/en/actions/using-workflows/workflow-syntax-for-github-actions#on\" _originalHref=\"/actions/using-workflows/workflow-syntax-for-github-actions#on\"\u003eWorkflow syntax for GitHub Actions\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eIf you scan on push, then the results appear in the \u003cstrong\u003eSecurity\u003c/strong\u003e tab for your repository. For more information, see \"\u003ca href=\"/en/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository\" _originalHref=\"/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository\"\u003eAssessing code scanning alerts for your repository\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eAdditionally, when an \u003ccode\u003eon:push\u003c/code\u003e scan returns results that can be mapped to an open pull request, these alerts will automatically appear on the pull request in the same places as other pull request alerts. The alerts are identified by comparing the existing analysis of the head of the branch to the analysis for the target branch. For more information on code scanning alerts in pull requests, see \"\u003ca href=\"/en/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests\" _originalHref=\"/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests\"\u003eTriaging code scanning alerts in pull requests\u003c/a\u003e.\"\u003c/p\u003e\n\u003ch3 id=\"scanning-pull-requests\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#scanning-pull-requests\"\u003eScanning pull requests\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eThe default CodeQL analysis workflow uses the \u003ccode\u003epull_request\u003c/code\u003e event to trigger a code scan on pull requests targeted against the default branch. If a pull request is from a private fork, the \u003ccode\u003epull_request\u003c/code\u003e event will only be triggered if you've selected the \"Run workflows from fork pull requests\" option in the repository settings. For more information, see \"\u003ca href=\"/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks\" _originalHref=\"/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks\"\u003eManaging GitHub Actions settings for a repository\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eFor more information about the \u003ccode\u003epull_request\u003c/code\u003e event, see \"\u003ca href=\"/en/actions/using-workflows/events-that-trigger-workflows#pull_request\" _originalHref=\"/actions/using-workflows/events-that-trigger-workflows#pull_request\"\u003eEvents that trigger workflows\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eIf you scan pull requests, then the results appear as alerts in a pull request check. For more information, see \"\u003ca href=\"/en/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests\" _originalHref=\"/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests\"\u003eTriaging code scanning alerts in pull requests\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eUsing the \u003ccode\u003epull_request\u003c/code\u003e trigger, configured to scan the pull request's merge commit rather than the head commit, will produce more efficient and accurate results than scanning the head of the branch on each push. However, if you use a CI/CD system that cannot be configured to trigger on pull requests, you can still use the \u003ccode\u003eon:push\u003c/code\u003e trigger and code scanning will map the results to open pull requests on the branch and add the alerts as annotations on the pull request. For more information, see \"\u003ca href=\"#scanning-on-push\"\u003eScanning on push\u003c/a\u003e.\"\u003c/p\u003e\n\u003cdiv class=\"ghd-alert ghd-alert-accent\"\u003e\u003cp class=\"ghd-alert-title\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden\u003e\u003cpath d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"\u003e\u003c/path\u003e\u003c/svg\u003eNote\u003c/p\u003e\n\u003cp\u003e\nIf your repository is configured with a merge queue, you need to include the \u003ccode\u003emerge_group\u003c/code\u003e event as an additional trigger for code scanning. This will ensure that pull requests are also scanned when they are added to a merge queue. For more information, see \"\u003ca href=\"/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue\" _originalHref=\"/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue\"\u003eManaging a merge queue\u003c/a\u003e.\"\u003c/p\u003e\n\u003c/div\u003e\n\u003ch3 id=\"avoiding-unnecessary-scans-of-pull-requests\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#avoiding-unnecessary-scans-of-pull-requests\"\u003eAvoiding unnecessary scans of pull requests\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eYou might want to avoid a code scan being triggered on specific pull requests targeted against the default branch, irrespective of which files have been changed. You can configure this by specifying \u003ccode\u003eon:pull_request:paths-ignore\u003c/code\u003e or \u003ccode\u003eon:pull_request:paths\u003c/code\u003e in the code scanning workflow. For example, if the only changes in a pull request are to files with the file extensions \u003ccode\u003e.md\u003c/code\u003e or \u003ccode\u003e.txt\u003c/code\u003e you can use the following \u003ccode\u003epaths-ignore\u003c/code\u003e array.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"1454303692\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"1454303692\"\u003eon:\n push:\n branches: [main, protected]\n pull_request:\n branches: [main]\n paths-ignore:\n - '**/*.md'\n - '**/*.txt'\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-attr\"\u003eon:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003epush:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ebranches:\u003c/span\u003e [\u003cspan class=\"hljs-string\"\u003emain\u003c/span\u003e, \u003cspan class=\"hljs-string\"\u003eprotected\u003c/span\u003e]\n \u003cspan class=\"hljs-attr\"\u003epull_request:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ebranches:\u003c/span\u003e [\u003cspan class=\"hljs-string\"\u003emain\u003c/span\u003e]\n \u003cspan class=\"hljs-attr\"\u003epaths-ignore:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e'**/*.md'\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e'**/*.txt'\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cdiv class=\"ghd-alert ghd-alert-accent\"\u003e\u003cp class=\"ghd-alert-title\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden\u003e\u003cpath d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"\u003e\u003c/path\u003e\u003c/svg\u003eNote\u003c/p\u003e\n\u003cp\u003e\n\u003ccode\u003eon:pull_request:paths-ignore\u003c/code\u003e and \u003ccode\u003eon:pull_request:paths\u003c/code\u003e set conditions that determine whether the actions in the workflow will run on a pull request. They don't determine what files will be analyzed when the actions \u003cem\u003eare\u003c/em\u003e run. When a pull request contains any files that are not matched by \u003ccode\u003eon:pull_request:paths-ignore\u003c/code\u003e or \u003ccode\u003eon:pull_request:paths\u003c/code\u003e, the workflow runs the actions and scans all of the files changed in the pull request, including those matched by \u003ccode\u003eon:pull_request:paths-ignore\u003c/code\u003e or \u003ccode\u003eon:pull_request:paths\u003c/code\u003e, unless the files have been excluded. For information on how to exclude files from analysis, see \"\u003ca href=\"#specifying-directories-to-scan\"\u003eSpecifying directories to scan\u003c/a\u003e.\"\u003c/p\u003e\n\u003c/div\u003e\n\u003cp\u003eFor more information about using \u003ccode\u003eon:pull_request:paths-ignore\u003c/code\u003e and \u003ccode\u003eon:pull_request:paths\u003c/code\u003e to determine when a workflow will run for a pull request, see \"\u003ca href=\"/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore\" _originalHref=\"/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore\"\u003eWorkflow syntax for GitHub Actions\u003c/a\u003e.\"\u003c/p\u003e\n\u003ch3 id=\"scanning-on-a-schedule\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#scanning-on-a-schedule\"\u003eScanning on a schedule\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eIf you use the default CodeQL analysis workflow, the workflow will scan the code in your repository once a week, in addition to the scans triggered by events. To adjust this schedule, edit the \u003ccode\u003ecron\u003c/code\u003e value in the workflow. For more information, see \"\u003ca href=\"/en/actions/using-workflows/workflow-syntax-for-github-actions#onschedule\" _originalHref=\"/actions/using-workflows/workflow-syntax-for-github-actions#onschedule\"\u003eWorkflow syntax for GitHub Actions\u003c/a\u003e.\"\u003c/p\u003e\n\u003cdiv class=\"ghd-alert ghd-alert-accent\"\u003e\u003cp class=\"ghd-alert-title\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden\u003e\u003cpath d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"\u003e\u003c/path\u003e\u003c/svg\u003eNote\u003c/p\u003e\n\u003cp\u003e\nGitHub only runs scheduled jobs that are in workflows on the default branch. Changing the schedule in a workflow on any other branch has no effect until you merge the branch into the default branch.\u003c/p\u003e\n\u003c/div\u003e\n\u003ch3 id=\"example\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#example\"\u003eExample\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eThe following example shows a CodeQL analysis workflow for a particular repository that has a default branch called \u003ccode\u003emain\u003c/code\u003e and one protected branch called \u003ccode\u003eprotected\u003c/code\u003e.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"1861729926\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"1861729926\"\u003eon:\n push:\n branches: [main, protected]\n pull_request:\n branches: [main]\n schedule:\n - cron: '20 14 * * 1'\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-attr\"\u003eon:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003epush:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ebranches:\u003c/span\u003e [\u003cspan class=\"hljs-string\"\u003emain\u003c/span\u003e, \u003cspan class=\"hljs-string\"\u003eprotected\u003c/span\u003e]\n \u003cspan class=\"hljs-attr\"\u003epull_request:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ebranches:\u003c/span\u003e [\u003cspan class=\"hljs-string\"\u003emain\u003c/span\u003e]\n \u003cspan class=\"hljs-attr\"\u003eschedule:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003ecron:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e'20 14 * * 1'\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cp\u003eThis workflow scans:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEvery push to the default branch and the protected branch\u003c/li\u003e\n\u003cli\u003eEvery pull request to the default branch\u003c/li\u003e\n\u003cli\u003eThe default branch every Monday at 14:20 UTC\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"specifying-an-operating-system\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#specifying-an-operating-system\"\u003eSpecifying an operating system\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h2\u003e\n\u003cdiv class=\"ghd-alert ghd-alert-accent\"\u003e\u003cp class=\"ghd-alert-title\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden\u003e\u003cpath d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"\u003e\u003c/path\u003e\u003c/svg\u003eNote\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCode scanning of Swift code uses macOS runners by default. GitHub-hosted macOS runners are more expensive than Linux and Windows runners, so you should consider only scanning the build step. For more information about configuring code scanning for Swift, see \"\u003ca href=\"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#considerations-for-building-swift\" _originalHref=\"/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#considerations-for-building-swift\"\u003eCodeQL code scanning for compiled languages\u003c/a\u003e.\" For more information about pricing for GitHub-hosted runners, see \"\u003ca href=\"/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions\" _originalHref=\"/billing/managing-billing-for-github-actions/about-billing-for-github-actions\"\u003eAbout billing for GitHub Actions\u003c/a\u003e.\"\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCode scanning of Swift code is not supported for runners that are part of an Actions Runner Controller (ARC), because ARC runners only use Linux and Swift requires macOS runners. However, you can have a mixture of both ARC runners and self-hosted macOS runners. For more information, see \"\u003ca href=\"/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller\" _originalHref=\"/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller\"\u003eAbout Actions Runner Controller\u003c/a\u003e.\"\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/div\u003e\n\u003cp\u003eIf your code requires a specific operating system to compile, you can configure the operating system in your CodeQL analysis workflow. Edit the value of \u003ccode\u003ejobs.analyze.runs-on\u003c/code\u003e to specify the operating system for the machine that runs your code scanning actions.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"2090084166\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"2090084166\"\u003ejobs:\n analyze:\n name: Analyze\n runs-on: [ubuntu-latest]\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-attr\"\u003ejobs:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003eanalyze:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ename:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eAnalyze\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003eruns-on:\u003c/span\u003e [\u003cspan class=\"hljs-string\"\u003eubuntu-latest\u003c/span\u003e]\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cp\u003eIf you choose to use a self-hosted runner for code scanning, you can specify an operating system by using an appropriate label as the second element in a two-element array, after \u003ccode\u003eself-hosted\u003c/code\u003e.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"675079642\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"675079642\"\u003ejobs:\n analyze:\n name: Analyze\n runs-on: [self-hosted, ubuntu-latest]\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-attr\"\u003ejobs:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003eanalyze:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ename:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eAnalyze\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003eruns-on:\u003c/span\u003e [\u003cspan class=\"hljs-string\"\u003eself-hosted\u003c/span\u003e, \u003cspan class=\"hljs-string\"\u003eubuntu-latest\u003c/span\u003e]\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cp\u003eCodeQL code scanning supports the latest versions of Ubuntu, Windows, and macOS. Typical values for this setting are therefore: \u003ccode\u003eubuntu-latest\u003c/code\u003e, \u003ccode\u003ewindows-latest\u003c/code\u003e, and \u003ccode\u003emacos-latest\u003c/code\u003e. For more information, see \"\u003ca href=\"/en/actions/using-jobs/choosing-the-runner-for-a-job\" _originalHref=\"/actions/using-jobs/choosing-the-runner-for-a-job\"\u003eChoosing the runner for a job\u003c/a\u003e\" and \"\u003ca href=\"/en/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners\" _originalHref=\"/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners\"\u003eUsing labels with self-hosted runners\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eIf you use a self-hosted runner, you must ensure that Git is in the PATH variable. For more information, see \"\u003ca href=\"/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners\" _originalHref=\"/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners\"\u003eAbout self-hosted runners\u003c/a\u003e\" and \"\u003ca href=\"/en/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners\" _originalHref=\"/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners\"\u003eAdding self-hosted runners\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eFor recommended specifications (RAM, CPU cores, and disk) for running CodeQL analysis on self-hosted machines, see \"\u003ca href=\"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql\" _originalHref=\"/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql\"\u003eRecommended hardware resources for running CodeQL\u003c/a\u003e.\"\u003c/p\u003e\n\u003ch2 id=\"specifying-the-location-for-codeql-databases\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#specifying-the-location-for-codeql-databases\"\u003eSpecifying the location for CodeQL databases\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h2\u003e\n\u003cp\u003eIn general, you do not need to worry about where the CodeQL analysis workflow places CodeQL databases since later steps will automatically find databases created by previous steps. However, if you are writing a custom workflow step that requires the CodeQL database to be in a specific disk location, for example to upload the database as a workflow artifact, you can specify that location using the \u003ccode\u003edb-location\u003c/code\u003e parameter under the \u003ccode\u003einit\u003c/code\u003e action.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"3149545592\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"3149545592\"\u003e- uses: github/codeql-action/init@v3\n with:\n db-location: '${{ github.runner_temp }}/my_location'\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003egithub/codeql-action/init@v3\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ewith:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003edb-location:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e'$\u003cspan class=\"hljs-template-variable\"\u003e{{ github.runner_temp }}\u003c/span\u003e/my_location'\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cp\u003eThe CodeQL analysis workflow will expect the path provided in \u003ccode\u003edb-location\u003c/code\u003e to be writable, and either not exist, or be an empty directory. When using this parameter in a job running on a self-hosted runner or using a Docker container, it's the responsibility of the user to ensure that the chosen directory is cleared between runs, or that the databases are removed once they are no longer needed. This is not necessary for jobs running on GitHub-hosted runners, which obtain a fresh instance and a clean filesystem each time they run. For more information, see \"\u003ca href=\"/en/actions/using-github-hosted-runners/about-github-hosted-runners\" _originalHref=\"/actions/using-github-hosted-runners/about-github-hosted-runners\"\u003eUsing GitHub-hosted runners\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eIf this parameter is not used, the CodeQL analysis workflow will create databases in a temporary location of its own choice. Currently the default value is \u003ccode\u003e${{ github.runner_temp }}/codeql_databases\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"changing-the-languages-that-are-analyzed\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#changing-the-languages-that-are-analyzed\"\u003eChanging the languages that are analyzed\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h2\u003e\n\u003cp\u003eCodeQL code scanning automatically detects code written in the supported languages.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eC/C++\u003c/li\u003e\n\u003cli\u003eC#\u003c/li\u003e\n\u003cli\u003eGo\u003c/li\u003e\n\u003cli\u003eJava/Kotlin\u003c/li\u003e\n\u003cli\u003eJavaScript/TypeScript\u003c/li\u003e\n\u003cli\u003ePython\u003c/li\u003e\n\u003cli\u003eRuby\u003c/li\u003e\n\u003cli\u003eSwift\u003c/li\u003e\n\u003c/ul\u003e\n\u003cdiv class=\"ghd-alert ghd-alert-accent\"\u003e\u003cp class=\"ghd-alert-title\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden\u003e\u003cpath d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"\u003e\u003c/path\u003e\u003c/svg\u003eNote\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ejava-kotlin\u003c/code\u003e to analyze code written in Java, Kotlin or both.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ejavascript-typescript\u003c/code\u003e to analyze code written in JavaScript, TypeScript or both.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/div\u003e\n\u003cp\u003eFor more information, see the documentation on the CodeQL website: \"\u003ca href=\"https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/\"\u003eSupported languages and frameworks\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eCodeQL uses the following language identifiers:\u003c/p\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth scope=\"col\"\u003eLanguage\u003c/th\u003e\u003cth scope=\"col\"\u003eIdentifier\u003c/th\u003e\u003cth scope=\"col\"\u003eOptional alternative identifiers (if any)\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eC/C++\u003c/td\u003e\u003ctd\u003e\u003ccode\u003ec-cpp\u003c/code\u003e\u003c/td\u003e\u003ctd\u003e\u003ccode\u003ec\u003c/code\u003e or \u003ccode\u003ecpp\u003c/code\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eC#\u003c/td\u003e\u003ctd\u003e\u003ccode\u003ecsharp\u003c/code\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGo\u003c/td\u003e\u003ctd\u003e\u003ccode\u003ego\u003c/code\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eJava/Kotlin\u003c/td\u003e\u003ctd\u003e\u003ccode\u003ejava-kotlin\u003c/code\u003e\u003c/td\u003e\u003ctd\u003e\u003ccode\u003ejava\u003c/code\u003e or \u003ccode\u003ekotlin\u003c/code\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eJavaScript/TypeScript\u003c/td\u003e\u003ctd\u003e\u003ccode\u003ejavascript-typescript\u003c/code\u003e\u003c/td\u003e\u003ctd\u003e\u003ccode\u003ejavascript\u003c/code\u003e or \u003ccode\u003etypescript\u003c/code\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePython\u003c/td\u003e\u003ctd\u003e\u003ccode\u003epython\u003c/code\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRuby\u003c/td\u003e\u003ctd\u003e\u003ccode\u003eruby\u003c/code\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSwift\u003c/td\u003e\u003ctd\u003e\u003ccode\u003eswift\u003c/code\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\u003cdiv class=\"ghd-alert ghd-alert-accent\"\u003e\u003cp class=\"ghd-alert-title\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden\u003e\u003cpath d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"\u003e\u003c/path\u003e\u003c/svg\u003eNote\u003c/p\u003e\n\u003cp\u003e\nIf you specify one of the alternative identifiers, this is equivalent to using the standard language identifier. For example, specifying \u003ccode\u003ejavascript\u003c/code\u003e instead of \u003ccode\u003ejavascript-typescript\u003c/code\u003e will not exclude analysis of TypeScript code. You can do this in an advanced setup workflow with the \u003ccode\u003e--paths-ignore\u003c/code\u003e option. For more information, see \"\u003ca href=\"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan\" _originalHref=\"/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan\"\u003eCustomizing your advanced setup for code scanning\u003c/a\u003e.\"\u003c/p\u003e\n\u003c/div\u003e\n\u003cp\u003eThe default CodeQL analysis workflow file contains a matrix called \u003ccode\u003elanguage\u003c/code\u003e which lists the languages in your repository that are analyzed. CodeQL automatically populates this matrix when you add code scanning to a repository. Using the \u003ccode\u003elanguage\u003c/code\u003e matrix optimizes CodeQL to run each analysis in parallel. We recommend that all workflows adopt this configuration due to the performance benefits of parallelizing builds. For more information about matrices, see \"\u003ca href=\"/en/actions/using-jobs/using-a-matrix-for-your-jobs\" _originalHref=\"/actions/using-jobs/using-a-matrix-for-your-jobs\"\u003eRunning variations of jobs in a workflow\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eIf your repository contains code in more than one of the supported languages, you can choose which languages you want to analyze. There are several reasons you might want to prevent a language being analyzed. For example, the project might have dependencies in a different language to the main body of your code, and you might prefer not to see alerts for those dependencies.\u003c/p\u003e\n\u003cp\u003eIf your workflow uses the \u003ccode\u003elanguage\u003c/code\u003e matrix then CodeQL is hardcoded to analyze only the languages in the matrix. To change the languages you want to analyze, edit the value of the matrix variable. You can remove a language to prevent it being analyzed or you can add a language that was not present in the repository when code scanning was configured. For example, if the repository initially only contained JavaScript when code scanning was configured, and you later added Python code, you will need to add \u003ccode\u003epython\u003c/code\u003e to the matrix.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"2956854181\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"2956854181\"\u003ejobs:\n analyze:\n name: Analyze\n ...\n strategy:\n fail-fast: false\n matrix:\n language: ['javascript-typescript', 'python']\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-attr\"\u003ejobs:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003eanalyze:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ename:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eAnalyze\u003c/span\u003e\n \u003cspan class=\"hljs-string\"\u003e...\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003estrategy:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003efail-fast:\u003c/span\u003e \u003cspan class=\"hljs-literal\"\u003efalse\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ematrix:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003elanguage:\u003c/span\u003e [\u003cspan class=\"hljs-string\"\u003e'javascript-typescript'\u003c/span\u003e, \u003cspan class=\"hljs-string\"\u003e'python'\u003c/span\u003e]\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cp\u003eIf your workflow does not contain a matrix called \u003ccode\u003elanguage\u003c/code\u003e, then CodeQL is configured to run analysis sequentially. If you don't specify languages in the workflow, CodeQL automatically detects, and attempts to analyze, any supported languages in the repository. If you want to choose which languages to analyze, without using a matrix, you can use the \u003ccode\u003elanguages\u003c/code\u003e parameter under the \u003ccode\u003einit\u003c/code\u003e action.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"1575963373\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"1575963373\"\u003e- uses: github/codeql-action/init@v3\n with:\n languages: c-cpp, csharp, python\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003egithub/codeql-action/init@v3\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ewith:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003elanguages:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ec-cpp,\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ecsharp,\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003epython\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003ch2 id=\"defining-the-alert-severities-that-cause-a-check-failure-for-a-pull-request\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#defining-the-alert-severities-that-cause-a-check-failure-for-a-pull-request\"\u003eDefining the alert severities that cause a check failure for a pull request\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h2\u003e\n\u003cp\u003eYou can use rulesets to prevent pull requests from being merged when one of the following conditions is met:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eA required tool found a code scanning alert of a severity that is defined in a ruleset.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA required code scanning tool's analysis is still in progress.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA required code scanning tool is not configured for the repository.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, see \"\u003ca href=\"/en/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection\" _originalHref=\"/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection\"\u003eSet code scanning merge protection\u003c/a\u003e.\" For more general information about rulesets, see \"\u003ca href=\"/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets\" _originalHref=\"/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets\"\u003eAbout rulesets\u003c/a\u003e.\"\u003c/p\u003e\n\u003ch2 id=\"configuring-a-category-for-the-analysis\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#configuring-a-category-for-the-analysis\"\u003eConfiguring a category for the analysis\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h2\u003e\n\u003cp\u003eUse \u003ccode\u003ecategory\u003c/code\u003e to distinguish between multiple analyses for the same tool and commit, but performed on different languages or different parts of the code. The category you specify in your workflow will be included in the SARIF results file.\u003c/p\u003e\n\u003cp\u003eThis parameter is particularly useful if you work with monorepos and have multiple SARIF files for different components of the monorepo.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"573274950\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"573274950\"\u003e - name: Perform CodeQL Analysis\n uses: github/codeql-action/analyze@v3\n with:\n # Optional. Specify a category to distinguish between multiple analyses\n # for the same tool and ref. If you don't use `category` in your workflow,\n # GitHub will generate a default category name for you\n category: \"my_category\"\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003ename:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ePerform\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eCodeQL\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eAnalysis\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003egithub/codeql-action/analyze@v3\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ewith:\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# Optional. Specify a category to distinguish between multiple analyses\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# for the same tool and ref. If you don't use `category` in your workflow,\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# GitHub will generate a default category name for you\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ecategory:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e\"my_category\"\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cp\u003eIf you don't specify a \u003ccode\u003ecategory\u003c/code\u003e parameter in your workflow, GitHub will generate a category name for you, based on the name of the workflow file triggering the action, the action name, and any matrix variables. For example:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e.github/workflows/codeql-analysis.yml\u003c/code\u003e workflow and the \u003ccode\u003eanalyze\u003c/code\u003e action will produce the category \u003ccode\u003e.github/workflows/codeql.yml:analyze\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003e.github/workflows/codeql-analysis.yml\u003c/code\u003e workflow, the \u003ccode\u003eanalyze\u003c/code\u003e action, and the \u003ccode\u003e{language: javascript-typescript, os: linux}\u003c/code\u003e matrix variables will produce the category \u003ccode\u003e.github/workflows/codeql-analysis.yml:analyze/language:javascript-typescript/os:linux\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe \u003ccode\u003ecategory\u003c/code\u003e value will appear as the \u003ccode\u003e\u0026#x3C;run\u003e.automationDetails.id\u003c/code\u003e property in SARIF v2.1.0. For more information, see \"\u003ca href=\"/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#runautomationdetails-object\" _originalHref=\"/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#runautomationdetails-object\"\u003eSARIF support for code scanning\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eYour specified category will not overwrite the details of the \u003ccode\u003erunAutomationDetails\u003c/code\u003e object in the SARIF file, if included.\u003c/p\u003e\n\u003ch2 id=\"extending-codeql-coverage-with-codeql-model-packs\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#extending-codeql-coverage-with-codeql-model-packs\"\u003eExtending CodeQL coverage with CodeQL model packs\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h2\u003e\n\u003cp\u003eIf your codebase depends on a library or framework that is not recognized by the standard queries in CodeQL, you can extend the CodeQL coverage in your code scanning workflow by specifying published CodeQL model packs. For more information about creating your own model packs, see \"\u003ca href=\"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-model-pack\" _originalHref=\"/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-model-pack\"\u003eCreating and working with CodeQL packs\u003c/a\u003e.\"\u003c/p\u003e\n\u003cdiv class=\"ghd-alert ghd-alert-accent\"\u003e\u003cp class=\"ghd-alert-title\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden\u003e\u003cpath d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"\u003e\u003c/path\u003e\u003c/svg\u003eNote\u003c/p\u003e\n\u003cp\u003e\nCodeQL model packs and the CodeQL model editor are currently in public preview and subject to change. Model packs are supported by C#, Java/Kotlin, Python, and Ruby analysis.\u003c/p\u003e\n\u003c/div\u003e\n\u003ch3 id=\"using-codeql-model-packs\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#using-codeql-model-packs\"\u003eUsing CodeQL model packs\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eTo add one or more published CodeQL model packs, specify them inside the \u003ccode\u003ewith: packs:\u003c/code\u003e entry within the \u003ccode\u003euses: github/codeql-action/init@v3\u003c/code\u003e section of the workflow. Within \u003ccode\u003epacks\u003c/code\u003e you specify one or more packages to use and, optionally, which version to download. Where you don't specify a version, the latest version is downloaded. If you want to use packages that are not publicly available, you need to set the \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e environment variable to a secret that has access to the packages. For more information, see \"\u003ca href=\"/en/actions/security-guides/automatic-token-authentication\" _originalHref=\"/actions/security-guides/automatic-token-authentication\"\u003eAutomatic token authentication\u003c/a\u003e\" and \"\u003ca href=\"/en/actions/security-guides/encrypted-secrets\" _originalHref=\"/actions/security-guides/encrypted-secrets\"\u003eUsing secrets in GitHub Actions\u003c/a\u003e.\"\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"1832980167\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"1832980167\"\u003e- uses: github/codeql-action/init@v3\n with:\n config-file: ./.github/codeql/codeql-config.yml\n queries: security-extended\n packs: my-company/my-java-queries@~7.8.9,my-repo/my-java-model-pack\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003egithub/codeql-action/init@v3\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ewith:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003econfig-file:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e./.github/codeql/codeql-config.yml\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003equeries:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003esecurity-extended\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003epacks:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003emy-company/my-java-queries@~7.8.9,my-repo/my-java-model-pack\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cp\u003eIn this example, the default queries will be run for Java, as well as the queries from a version greater than or equal to \u003ccode\u003e7.8.9\u003c/code\u003e and less than \u003ccode\u003e7.9.0\u003c/code\u003e of the query pack \u003ccode\u003emy-company/my-java-queries\u003c/code\u003e. The dependencies modeled in the latest version of the model pack \u003ccode\u003emy-repo/my-java-model-pack\u003c/code\u003e will be available to both the default queries and those in \u003ccode\u003emy-company/my-java-queries\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"running-additional-queries\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#running-additional-queries\"\u003eRunning additional queries\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h2\u003e\n\u003cp\u003eWhen you use CodeQL to scan code, the CodeQL analysis engine generates a database from the code and runs queries on it. CodeQL analysis uses a default set of queries, but you can specify more queries to run, in addition to the default queries.\u003c/p\u003e\n\u003cdiv class=\"ghd-alert ghd-alert-success\"\u003e\u003cp class=\"ghd-alert-title\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden\u003e\u003cpath d=\"M8 1.5c-2.363 0-4 1.69-4 3.75 0 .984.424 1.625.984 2.304l.214.253c.223.264.47.556.673.848.284.411.537.896.621 1.49a.75.75 0 0 1-1.484.211c-.04-.282-.163-.547-.37-.847a8.456 8.456 0 0 0-.542-.68c-.084-.1-.173-.205-.268-.32C3.201 7.75 2.5 6.766 2.5 5.25 2.5 2.31 4.863 0 8 0s5.5 2.31 5.5 5.25c0 1.516-.701 2.5-1.328 3.259-.095.115-.184.22-.268.319-.207.245-.383.453-.541.681-.208.3-.33.565-.37.847a.751.751 0 0 1-1.485-.212c.084-.593.337-1.078.621-1.489.203-.292.45-.584.673-.848.075-.088.147-.173.213-.253.561-.679.985-1.32.985-2.304 0-2.06-1.637-3.75-4-3.75ZM5.75 12h4.5a.75.75 0 0 1 0 1.5h-4.5a.75.75 0 0 1 0-1.5ZM6 15.25a.75.75 0 0 1 .75-.75h2.5a.75.75 0 0 1 0 1.5h-2.5a.75.75 0 0 1-.75-.75Z\"\u003e\u003c/path\u003e\u003c/svg\u003eTip\u003c/p\u003e\n\u003cp\u003e\nYou can also specify the queries you want to exclude from analysis, or include in the analysis. This requires the use of a custom configuration file. For more information, see \"\u003ca href=\"#using-a-custom-configuration-file\"\u003eUsing a custom configuration file\u003c/a\u003e\" and \"\u003ca href=\"#excluding-specific-queries-from-analysis\"\u003eExcluding specific queries from analysis\u003c/a\u003e\" below.\u003c/p\u003e\n\u003c/div\u003e\n\u003cp\u003eYou can run extra queries if they are part of a CodeQL pack published to the GitHub Container registry or a CodeQL pack stored in a repository. For more information, see \"\u003ca href=\"/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql-queries\" _originalHref=\"/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql-queries\"\u003eAbout code scanning with CodeQL\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eThe options available to specify the additional queries you want to run are:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epacks\u003c/code\u003e to install one or more CodeQL query packs and run the default query suite or queries for those packs.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003equeries\u003c/code\u003e to specify a single \u003cem\u003e.ql\u003c/em\u003e file, a directory containing multiple \u003cem\u003e.ql\u003c/em\u003e files, a \u003cem\u003e.qls\u003c/em\u003e query suite definition file, or any combination. For more information about query suite definitions, see \"\u003ca href=\"https://codeql.github.com/docs/codeql-cli/creating-codeql-query-suites/\"\u003eCreating CodeQL query suites\u003c/a\u003e.\"\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eYou can use both \u003ccode\u003epacks\u003c/code\u003e and \u003ccode\u003equeries\u003c/code\u003e in the same workflow.\u003c/p\u003e\n\u003cp\u003eWe don't recommend referencing query suites directly from the \u003ccode\u003egithub/codeql\u003c/code\u003e repository, for example, \u003ccode\u003egithub/codeql/cpp/ql/src@main\u003c/code\u003e. Such queries would have to be recompiled, and may not be compatible with the version of CodeQL currently active on GitHub Actions, which could lead to errors during analysis.\u003c/p\u003e\n\u003ch3 id=\"using-query-packs\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#using-query-packs\"\u003eUsing query packs\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eTo add one or more CodeQL query packs, add a \u003ccode\u003ewith: packs:\u003c/code\u003e entry within the \u003ccode\u003euses: github/codeql-action/init@v3\u003c/code\u003e section of the workflow. Within \u003ccode\u003epacks\u003c/code\u003e you specify one or more packages to use and, optionally, which version to download. Where you don't specify a version, the latest version is downloaded. If you want to use packages that are not publicly available, you need to set the \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e environment variable to a secret that has access to the packages. For more information, see \"\u003ca href=\"/en/actions/security-guides/automatic-token-authentication\" _originalHref=\"/actions/security-guides/automatic-token-authentication\"\u003eAutomatic token authentication\u003c/a\u003e\" and \"\u003ca href=\"/en/actions/security-guides/encrypted-secrets\" _originalHref=\"/actions/security-guides/encrypted-secrets\"\u003eUsing secrets in GitHub Actions\u003c/a\u003e.\"\u003c/p\u003e\n\u003cdiv class=\"ghd-alert ghd-alert-accent\"\u003e\u003cp class=\"ghd-alert-title\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden\u003e\u003cpath d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"\u003e\u003c/path\u003e\u003c/svg\u003eNote\u003c/p\u003e\n\u003cp\u003e\nFor workflows that generate CodeQL databases for multiple languages, you must instead specify the CodeQL query packs in a configuration file. For more information, see \"\u003ca href=\"#specifying-codeql-query-packs\"\u003eSpecifying CodeQL query packs\u003c/a\u003e\" below.\u003c/p\u003e\n\u003c/div\u003e\n\u003cp\u003eIn the example below, \u003ccode\u003escope\u003c/code\u003e is the organization or personal account that published the package. When the workflow runs, the four CodeQL query packs are downloaded from GitHub and the default queries or query suite for each pack run:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe latest version of \u003ccode\u003epack1\u003c/code\u003e is downloaded and all default queries are run.\u003c/li\u003e\n\u003cli\u003eVersion 1.2.3 of \u003ccode\u003epack2\u003c/code\u003e is downloaded and all default queries are run.\u003c/li\u003e\n\u003cli\u003eThe latest version of \u003ccode\u003epack3\u003c/code\u003e that is compatible with version 3.2.1 is downloaded and all queries are run.\u003c/li\u003e\n\u003cli\u003eVersion 4.5.6 of \u003ccode\u003epack4\u003c/code\u003e is downloaded and only the queries found in \u003ccode\u003epath/to/queries\u003c/code\u003e are run.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"43617054\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"43617054\"\u003e- uses: github/codeql-action/init@v3\n with:\n # Comma-separated list of packs to download\n packs: scope/pack1,scope/pack2@1.2.3,scope/pack3@~3.2.1,scope/pack4@4.5.6:path/to/queries\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003egithub/codeql-action/init@v3\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ewith:\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# Comma-separated list of packs to download\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003epacks:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003escope/pack1,scope/pack2@1.2.3,scope/pack3@~3.2.1,scope/pack4@4.5.6:path/to/queries\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cdiv class=\"ghd-alert ghd-alert-accent\"\u003e\u003cp class=\"ghd-alert-title\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden\u003e\u003cpath d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"\u003e\u003c/path\u003e\u003c/svg\u003eNote\u003c/p\u003e\n\u003cp\u003e\nIf you specify a particular version of a query pack to use, beware that the version you specify may eventually become too old to be used efficiently by the default CodeQL engine used by the CodeQL action. To ensure optimal performance, if you need to specify exact query pack versions, you should consider reviewing periodically whether the pinned version of the query pack needs to be moved forward.\u003c/p\u003e\n\u003cp\u003eFor more information about pack compatibility, see \"\u003ca href=\"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#about-codeql-pack-compatibility\" _originalHref=\"/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#about-codeql-pack-compatibility\"\u003ePublishing and using CodeQL packs\u003c/a\u003e.\"\u003c/p\u003e\n\u003c/div\u003e\n\u003ch3 id=\"downloading-codeql-packs-from-github-enterprise-server\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#downloading-codeql-packs-from-github-enterprise-server\"\u003eDownloading CodeQL packs from GitHub Enterprise Server\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eIf your workflow uses packs that are published on a GitHub Enterprise Server installation, you need to tell your workflow where to find them. You can do this by using the \u003ccode\u003eregistries\u003c/code\u003e input of the github/codeql-action/init@v3 action. This input accepts a list of \u003ccode\u003eurl\u003c/code\u003e, \u003ccode\u003epackages\u003c/code\u003e, and \u003ccode\u003etoken\u003c/code\u003e properties as shown below.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"1972162606\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"1972162606\"\u003e- uses: github/codeql-action/init@v3\n with:\n registries: |\n # URL to the container registry, usually in this format\n - url: https://containers.GHEHOSTNAME1/v2/\n\n # List of package glob patterns to be found at this registry\n packages:\n - my-company/*\n - my-company2/*\n\n # Token, which should be stored as a secret\n token: ${{ secrets.GHEHOSTNAME1_TOKEN }}\n\n # URL to the default container registry\n - url: https://ghcr.io/v2/\n # Packages can also be a string\n packages: \"*/*\"\n token: ${{ secrets.GHCR_TOKEN }}\n\n \n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003egithub/codeql-action/init@v3\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ewith:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003eregistries:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e|\n # URL to the container registry, usually in this format\n - url: https://containers.GHEHOSTNAME1/v2/\n\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# List of package glob patterns to be found at this registry\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003epackages:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003emy-company/*\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003emy-company2/*\u003c/span\u003e\n\n \u003cspan class=\"hljs-comment\"\u003e# Token, which should be stored as a secret\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003etoken:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e${{\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003esecrets.GHEHOSTNAME1_TOKEN\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e}}\u003c/span\u003e\n\n \u003cspan class=\"hljs-comment\"\u003e# URL to the default container registry\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003eurl:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ehttps://ghcr.io/v2/\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# Packages can also be a string\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003epackages:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e\"*/*\"\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003etoken:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e${{\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003esecrets.GHCR_TOKEN\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e}}\u003c/span\u003e\n\n \n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cp\u003eThe package patterns in the registries list are examined in order, so you should generally place the most specific package patterns first. The values for \u003ccode\u003etoken\u003c/code\u003e must be a personal access token (classic) generated by the GitHub instance you are downloading from with the \u003ccode\u003eread:packages\u003c/code\u003e permission.\u003c/p\u003e\n\u003cp\u003eNotice the \u003ccode\u003e|\u003c/code\u003e after the \u003ccode\u003eregistries\u003c/code\u003e property name. This is important since GitHub Actions inputs can only accept strings. Using the \u003ccode\u003e|\u003c/code\u003e converts the subsequent text to a string, which is parsed later by the github/codeql-action/init@v3 action.\u003c/p\u003e\n\u003ch3 id=\"using-queries-in-ql-packs\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#using-queries-in-ql-packs\"\u003eUsing queries in QL packs\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eTo add one or more queries, add a \u003ccode\u003ewith: queries:\u003c/code\u003e entry within the \u003ccode\u003euses: github/codeql-action/init@v3\u003c/code\u003e section of the workflow. If the queries are in a private repository, use the \u003ccode\u003eexternal-repository-token\u003c/code\u003e parameter to specify a token that has access to checkout the private repository.\u003c/p\u003e\n\u003cp\u003eYou can also specify query suites in the value of \u003ccode\u003equeries\u003c/code\u003e. Query suites are collections of queries, usually grouped by purpose or language.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"3555075386\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"3555075386\"\u003e- uses: github/codeql-action/init@v3\n with:\n # Comma-separated list of queries / packs / suites to run.\n # This may include paths or a built in suite, for example:\n # security-extended or security-and-quality.\n queries: security-extended\n # Optional. Provide a token to access queries stored in private repositories.\n external-repository-token: ${{ secrets.ACCESS_TOKEN }}\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003egithub/codeql-action/init@v3\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ewith:\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# Comma-separated list of queries / packs / suites to run.\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# This may include paths or a built in suite, for example:\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# security-extended or security-and-quality.\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003equeries:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003esecurity-extended\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# Optional. Provide a token to access queries stored in private repositories.\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003eexternal-repository-token:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e${{\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003esecrets.ACCESS_TOKEN\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e}}\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cp\u003eThe following query suites are built into CodeQL code scanning and are available for use.\u003c/p\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth align=\"left\" scope=\"col\"\u003eQuery suite\u003c/th\u003e\u003cth align=\"left\" scope=\"col\"\u003eDescription\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd align=\"left\"\u003e\u003ccode\u003esecurity-extended\u003c/code\u003e\u003c/td\u003e\u003ctd align=\"left\"\u003eQueries from the default suite, plus lower severity and precision queries\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd align=\"left\"\u003e\u003ccode\u003esecurity-and-quality\u003c/code\u003e\u003c/td\u003e\u003ctd align=\"left\"\u003eQueries from \u003ccode\u003esecurity-extended\u003c/code\u003e, plus maintainability and reliability queries\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\u003cp\u003eFor more information, see: \"\u003ca href=\"/en/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites\" _originalHref=\"/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites\"\u003eCodeQL query suites\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eEach of these query suites contains a different subset of the queries included in the built-in CodeQL query pack for that language. The query suites are automatically generated using the metadata for each query. For more information, see \"\u003ca href=\"https://codeql.github.com/docs/writing-codeql-queries/metadata-for-codeql-queries/\"\u003eMetadata for CodeQL queries\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eWhen you specify a query suite, the CodeQL analysis engine will run the default set of queries and any extra queries defined in the additional query suite.\u003c/p\u003e\n\u003ch3 id=\"working-with-custom-configuration-files\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#working-with-custom-configuration-files\"\u003eWorking with custom configuration files\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eIf you also use a configuration file for custom settings, any additional packs or queries specified in your workflow are used instead of those specified in the configuration file. If you want to run the combined set of additional packs or queries, prefix the value of \u003ccode\u003epacks\u003c/code\u003e or \u003ccode\u003equeries\u003c/code\u003e in the workflow with the \u003ccode\u003e+\u003c/code\u003e symbol. For more information, see \"\u003ca href=\"#using-a-custom-configuration-file\"\u003eUsing a custom configuration file\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eIn the following example, the \u003ccode\u003e+\u003c/code\u003e symbol ensures that the specified additional packs and queries are used together with any specified in the referenced configuration file.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"3362304835\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"3362304835\"\u003e- uses: github/codeql-action/init@v3\n with:\n config-file: ./.github/codeql/codeql-config.yml\n queries: +security-and-quality,octo-org/python-qlpack/show_ifs.ql@main\n packs: +scope/pack1,scope/pack2@1.2.3,scope/pack3@4.5.6:path/to/queries\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003egithub/codeql-action/init@v3\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ewith:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003econfig-file:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e./.github/codeql/codeql-config.yml\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003equeries:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e+security-and-quality,octo-org/python-qlpack/show_ifs.ql@main\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003epacks:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e+scope/pack1,scope/pack2@1.2.3,scope/pack3@4.5.6:path/to/queries\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cp\u003e\u003ca name=\"using-a-custom-configuration-file\"\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003ca name=\"example-configuration-files\"\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2 id=\"using-a-custom-configuration-file\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#using-a-custom-configuration-file\"\u003eUsing a custom configuration file\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h2\u003e\n\u003cp\u003eA custom configuration file is an alternative way to specify additional packs and queries to run. You can also use the file to disable the default queries, exclude or include specific queries, and to specify which directories to scan during analysis.\u003c/p\u003e\n\u003cp\u003eIn the workflow file, use the \u003ccode\u003econfig-file\u003c/code\u003e parameter of the \u003ccode\u003einit\u003c/code\u003e action to specify the path to the configuration file you want to use. This example loads the configuration file \u003cem\u003e./.github/codeql/codeql-config.yml\u003c/em\u003e.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"167998265\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"167998265\"\u003e- uses: github/codeql-action/init@v3\n with:\n config-file: ./.github/codeql/codeql-config.yml\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003egithub/codeql-action/init@v3\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ewith:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003econfig-file:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e./.github/codeql/codeql-config.yml\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cp\u003eThe configuration file can be located within the repository you are analyzing, or in an external repository. Using an external repository allows you to specify configuration options for multiple repositories in a single place. When you reference a configuration file located in an external repository, you can use the \u003cem\u003eOWNER/REPOSITORY/FILENAME@BRANCH\u003c/em\u003e syntax. For example, \u003cem\u003eocto-org/shared/codeql-config.yml@main\u003c/em\u003e.\u003c/p\u003e\n\u003cp\u003eIf the configuration file is located in an external private repository, use the \u003ccode\u003eexternal-repository-token\u003c/code\u003e parameter of the \u003ccode\u003einit\u003c/code\u003e action to specify a token that has access to the private repository.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"6172638\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"6172638\"\u003e- uses: github/codeql-action/init@v3\n with:\n external-repository-token: ${{ secrets.ACCESS_TOKEN }}\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003egithub/codeql-action/init@v3\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ewith:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003eexternal-repository-token:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e${{\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003esecrets.ACCESS_TOKEN\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e}}\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cp\u003eThe settings in the configuration file are written in YAML format.\u003c/p\u003e\n\u003ch3 id=\"specifying-codeql-query-packs\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#specifying-codeql-query-packs\"\u003eSpecifying CodeQL query packs\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eYou specify CodeQL query packs in an array. Note that the format is different from the format used by the workflow file.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"75218363\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"75218363\"\u003epacks:\n # Use the latest version of 'pack1' published by 'scope'\n - scope/pack1\n # Use version 1.2.3 of 'pack2'\n - scope/pack2@1.2.3\n # Use the latest version of 'pack3' compatible with 3.2.1\n - scope/pack3@~3.2.1\n # Use pack4 and restrict it to queries found in the 'path/to/queries' directory\n - scope/pack4:path/to/queries\n # Use pack5 and restrict it to the query 'path/to/single/query.ql'\n - scope/pack5:path/to/single/query.ql\n # Use pack6 and restrict it to the query suite 'path/to/suite.qls'\n - scope/pack6:path/to/suite.qls\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-attr\"\u003epacks:\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# Use the latest version of 'pack1' published by 'scope'\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003escope/pack1\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# Use version 1.2.3 of 'pack2'\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003escope/pack2@1.2.3\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# Use the latest version of 'pack3' compatible with 3.2.1\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003escope/pack3@~3.2.1\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# Use pack4 and restrict it to queries found in the 'path/to/queries' directory\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003escope/pack4:path/to/queries\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# Use pack5 and restrict it to the query 'path/to/single/query.ql'\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003escope/pack5:path/to/single/query.ql\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# Use pack6 and restrict it to the query suite 'path/to/suite.qls'\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003escope/pack6:path/to/suite.qls\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cp\u003eThe full format for specifying a query pack is \u003ccode\u003escope/name[@version][:path]\u003c/code\u003e. Both \u003ccode\u003eversion\u003c/code\u003e and \u003ccode\u003epath\u003c/code\u003e are optional. \u003ccode\u003eversion\u003c/code\u003e is semver version range. If it is missing, the latest version is used. For more information about semver ranges, see the \u003ca href=\"https://docs.npmjs.com/cli/v6/using-npm/semver#ranges\"\u003esemver docs on npm\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eIf you have a workflow that generates more than one CodeQL database, you can specify any CodeQL query packs to run in a custom configuration file using a nested map of packs.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"3378253639\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"3378253639\"\u003epacks:\n # Use these packs for JavaScript and TypeScript analysis\n javascript:\n - scope/js-pack1\n - scope/js-pack2\n # Use these packs for Java and Kotlin analysis\n java:\n - scope/java-pack1\n - scope/java-pack2@v1.0.0\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-attr\"\u003epacks:\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# Use these packs for JavaScript and TypeScript analysis\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ejavascript:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003escope/js-pack1\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003escope/js-pack2\u003c/span\u003e\n \u003cspan class=\"hljs-comment\"\u003e# Use these packs for Java and Kotlin analysis\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ejava:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003escope/java-pack1\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003escope/java-pack2@v1.0.0\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003ch3 id=\"extending-codeql-coverage-with-threat-models\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#extending-codeql-coverage-with-threat-models\"\u003eExtending CodeQL coverage with threat models\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cdiv class=\"ghd-alert ghd-alert-accent\"\u003e\u003cp class=\"ghd-alert-title\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden\u003e\u003cpath d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"\u003e\u003c/path\u003e\u003c/svg\u003eNote\u003c/p\u003e\n\u003cp\u003e\nThreat models are currently in public preview and subject to change. During the public preview, threat models are supported only by analysis for Java/Kotlin and C#.\u003c/p\u003e\n\u003c/div\u003e\n\u003cp\u003eThe default threat model includes remote sources of untrusted data. You can extend the CodeQL threat model to include local sources of untrusted data (for example: command-line arguments, environment variables, file systems, and databases) by specifying \u003ccode\u003ethreat-models: local\u003c/code\u003e in a custom configuration file. If you extend the threat model, the default threat model will also be used.\u003c/p\u003e\n\u003ch3 id=\"specifying-additional-queries\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#specifying-additional-queries\"\u003eSpecifying additional queries\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eYou specify additional queries in a \u003ccode\u003equeries\u003c/code\u003e array. Each element of the array contains a \u003ccode\u003euses\u003c/code\u003e parameter with a value that identifies a single query file, a directory containing query files, or a query suite definition file.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"3133970016\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"3133970016\"\u003equeries:\n - uses: ./my-basic-queries/example-query.ql\n - uses: ./my-advanced-queries\n - uses: ./query-suites/my-security-queries.qls\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-attr\"\u003equeries:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e./my-basic-queries/example-query.ql\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e./my-advanced-queries\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e./query-suites/my-security-queries.qls\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cp\u003eOptionally, you can give each array element a name, as shown in the example configuration files below. For more information about additional queries, see \"\u003ca href=\"#running-additional-queries\"\u003eRunning additional queries\u003c/a\u003e\" above.\u003c/p\u003e\n\u003ch3 id=\"disabling-the-default-queries\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#disabling-the-default-queries\"\u003eDisabling the default queries\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eIf you only want to run custom queries, you can disable the default security queries by using \u003ccode\u003edisable-default-queries: true\u003c/code\u003e.\u003c/p\u003e\n\u003ch3 id=\"excluding-specific-queries-from-analysis\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#excluding-specific-queries-from-analysis\"\u003eExcluding specific queries from analysis\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eYou can add \u003ccode\u003eexclude\u003c/code\u003e and \u003ccode\u003einclude\u003c/code\u003e filters to your custom configuration file, to specify the queries you want to exclude or include in the analysis.\u003c/p\u003e\n\u003cp\u003eThis is useful if you want to exclude, for example:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSpecific queries from the default suites (\u003ccode\u003esecurity\u003c/code\u003e, \u003ccode\u003esecurity-extended\u003c/code\u003e and \u003ccode\u003esecurity-and-quality\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eSpecific queries whose results do not interest you.\u003c/li\u003e\n\u003cli\u003eAll the queries that generate warnings and recommendations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eYou can use \u003ccode\u003eexclude\u003c/code\u003e filters similar to those in the configuration file below to exclude queries that you want to remove from the default analysis. In the example of configuration file below, both the \u003ccode\u003ejs/redundant-assignment\u003c/code\u003e and the \u003ccode\u003ejs/useless-assignment-to-local\u003c/code\u003e queries are excluded from analysis.\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"3192009928\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"3192009928\"\u003equery-filters:\n - exclude:\n id: js/redundant-assignment\n - exclude:\n id: js/useless-assignment-to-local\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-attr\"\u003equery-filters:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003eexclude:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003eid:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ejs/redundant-assignment\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003eexclude:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003eid:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ejs/useless-assignment-to-local\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cp\u003eTo find the id of a query, you can click the alert in the list of alerts in the \u003cstrong\u003eSecurity\u003c/strong\u003e tab. This opens the alert details page. The \u003ccode\u003eRule ID\u003c/code\u003e field contains the query id. For more information about the alert details page, see \"\u003ca href=\"/en/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-details\" _originalHref=\"/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-details\"\u003eAbout code scanning alerts\u003c/a\u003e.\"\u003c/p\u003e\n\u003cdiv class=\"ghd-alert ghd-alert-success\"\u003e\u003cp class=\"ghd-alert-title\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden\u003e\u003cpath d=\"M8 1.5c-2.363 0-4 1.69-4 3.75 0 .984.424 1.625.984 2.304l.214.253c.223.264.47.556.673.848.284.411.537.896.621 1.49a.75.75 0 0 1-1.484.211c-.04-.282-.163-.547-.37-.847a8.456 8.456 0 0 0-.542-.68c-.084-.1-.173-.205-.268-.32C3.201 7.75 2.5 6.766 2.5 5.25 2.5 2.31 4.863 0 8 0s5.5 2.31 5.5 5.25c0 1.516-.701 2.5-1.328 3.259-.095.115-.184.22-.268.319-.207.245-.383.453-.541.681-.208.3-.33.565-.37.847a.751.751 0 0 1-1.485-.212c.084-.593.337-1.078.621-1.489.203-.292.45-.584.673-.848.075-.088.147-.173.213-.253.561-.679.985-1.32.985-2.304 0-2.06-1.637-3.75-4-3.75ZM5.75 12h4.5a.75.75 0 0 1 0 1.5h-4.5a.75.75 0 0 1 0-1.5ZM6 15.25a.75.75 0 0 1 .75-.75h2.5a.75.75 0 0 1 0 1.5h-2.5a.75.75 0 0 1-.75-.75Z\"\u003e\u003c/path\u003e\u003c/svg\u003eTip\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe order of the filters is important. The first filter instruction that appears after the instructions about the queries and query packs determines whether the queries are included or excluded by default.\u003c/li\u003e\n\u003cli\u003eSubsequent instructions are executed in order and the instructions that appear later in the file take precedence over the earlier instructions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/div\u003e\n\u003cp\u003eYou can find another example illustrating the use of these filters in the \"\u003ca href=\"#example-configuration-files\"\u003eExample configuration files\u003c/a\u003e\" section.\u003c/p\u003e\n\u003cp\u003eFor more information about using \u003ccode\u003eexclude\u003c/code\u003e and \u003ccode\u003einclude\u003c/code\u003e filters in your custom configuration file, see \"\u003ca href=\"/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites#filtering-the-queries-in-a-query-suite\" _originalHref=\"/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites#filtering-the-queries-in-a-query-suite\"\u003eCreating CodeQL query suites\u003c/a\u003e.\" For information on the query metadata you can filter on, see \"\u003ca href=\"https://codeql.github.com/docs/writing-codeql-queries/metadata-for-codeql-queries/\"\u003eMetadata for CodeQL queries\u003c/a\u003e.\"\u003c/p\u003e\n\u003ch3 id=\"specifying-directories-to-scan\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#specifying-directories-to-scan\"\u003eSpecifying directories to scan\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eWhen codebases are analyzed without building the code, you can restrict code scanning to files in specific directories by adding a \u003ccode\u003epaths\u003c/code\u003e array to the configuration file. You can also exclude the files in specific directories from analysis by adding a \u003ccode\u003epaths-ignore\u003c/code\u003e array. You can use this option when you run the CodeQL actions on an interpreted language (Python, Ruby, and JavaScript/TypeScript) or when you analyze a compiled language without building the code (currently supported for C# and Java).\u003c/p\u003e\n\u003cdiv class=\"code-example\"\u003e\u003cheader class=\"d-flex flex-items-center flex-justify-between p-2 text-small rounded-top-1 border-top border-left border-right\"\u003e\u003cspan class=\"flex-1\"\u003eYAML\u003c/span\u003e\u003cbutton class=\"js-btn-copy btn btn-sm tooltipped tooltipped-nw\" aria-label=\"Copy YAML code to clipboard\" data-clipboard=\"466826455\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon octicon-copy\" aria-hidden=\"true\"\u003e\u003cpath d=\"M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 0 1 0 1.5h-1.5a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-1.5a.75.75 0 0 1 1.5 0v1.5A1.75 1.75 0 0 1 9.25 16h-7.5A1.75 1.75 0 0 1 0 14.25Z\"\u003e\u003c/path\u003e\u003cpath d=\"M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0 1 14.25 11h-7.5A1.75 1.75 0 0 1 5 9.25Zm1.75-.25a.25.25 0 0 0-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 0 0 .25-.25v-7.5a.25.25 0 0 0-.25-.25Z\"\u003e\u003c/path\u003e\u003c/svg\u003e\u003c/button\u003e\u003cpre hidden data-clipboard=\"466826455\"\u003epaths:\n - src\npaths-ignore:\n - src/node_modules\n - '**/*.test.js'\n\u003c/pre\u003e\u003c/header\u003e\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-attr\"\u003epaths:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003esrc\u003c/span\u003e\n\u003cspan class=\"hljs-attr\"\u003epaths-ignore:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003esrc/node_modules\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e'**/*.test.js'\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\n\u003cdiv class=\"ghd-alert ghd-alert-accent\"\u003e\u003cp class=\"ghd-alert-title\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden\u003e\u003cpath d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"\u003e\u003c/path\u003e\u003c/svg\u003eNote\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003epaths\u003c/code\u003e and \u003ccode\u003epaths-ignore\u003c/code\u003e keywords, used in the context of the code scanning configuration file, should not be confused with the same keywords when used for \u003ccode\u003eon.\u0026#x3C;push|pull_request\u003e.paths\u003c/code\u003e in a workflow. When they are used to modify \u003ccode\u003eon.\u0026#x3C;push|pull_request\u003e\u003c/code\u003e in a workflow, they determine whether the actions will be run when someone modifies code in the specified directories. For more information, see \"\u003ca href=\"/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore\" _originalHref=\"/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore\"\u003eWorkflow syntax for GitHub Actions\u003c/a\u003e.\"\u003c/li\u003e\n\u003cli\u003eThe filter pattern characters \u003ccode\u003e?\u003c/code\u003e, \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, and \u003ccode\u003e!\u003c/code\u003e are not supported and will be matched literally.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e**\u003c/code\u003e characters can only be at the start or end of a line, or surrounded by slashes, and you can't mix \u003ccode\u003e**\u003c/code\u003e and other characters. For example, \u003ccode\u003efoo/**\u003c/code\u003e, \u003ccode\u003e**/foo\u003c/code\u003e, and \u003ccode\u003efoo/**/bar\u003c/code\u003e are all allowed syntax, but \u003ccode\u003e**foo\u003c/code\u003e isn't. However you can use single stars along with other characters, as shown in the example. You'll need to quote anything that contains a \u003ccode\u003e*\u003c/code\u003e character.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/div\u003e\n\u003cp\u003eFor analysis where code is built, if you want to limit code scanning to specific directories in your project, you must specify appropriate build steps in the workflow. The commands you need to use to exclude a directory from the build will depend on your build system. For more information, see \"\u003ca href=\"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#adding-build-steps-for-a-compiled-language\" _originalHref=\"/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#adding-build-steps-for-a-compiled-language\"\u003eCodeQL code scanning for compiled languages\u003c/a\u003e.\"\u003c/p\u003e\n\u003cp\u003eYou can quickly analyze small portions of a monorepo when you modify code in specific directories. You'll need to both exclude directories in your build steps and use the \u003ccode\u003epaths-ignore\u003c/code\u003e and \u003ccode\u003epaths\u003c/code\u003e keywords for \u003ca href=\"/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore\" _originalHref=\"/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore\"\u003e\u003ccode\u003eon.\u0026#x3C;push|pull_request\u003e\u003c/code\u003e\u003c/a\u003e in your workflow.\u003c/p\u003e\n\u003ch3 id=\"example-configuration-files\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#example-configuration-files\"\u003eExample configuration files\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eThis configuration file adds the \u003ccode\u003esecurity-and-quality\u003c/code\u003e query suite to the list of queries run by CodeQL when scanning your code. For more information about the query suites available for use, see \"\u003ca href=\"#running-additional-queries\"\u003eRunning additional queries\u003c/a\u003e.\"\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-attr\"\u003ename:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e\"My CodeQL config\"\u003c/span\u003e\n\n\u003cspan class=\"hljs-attr\"\u003equeries:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003esecurity-and-quality\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe following configuration file disables the default queries and specifies a set of custom queries to run instead. It also configures CodeQL to scan files in the \u003cem\u003esrc\u003c/em\u003e directory (relative to the root), except for the \u003cem\u003esrc/node_modules\u003c/em\u003e directory, and except for files whose name ends in \u003cem\u003e.test.js\u003c/em\u003e. Files in \u003cem\u003esrc/node_modules\u003c/em\u003e and files with names ending \u003cem\u003e.test.js\u003c/em\u003e are therefore excluded from analysis.\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-attr\"\u003ename:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e\"My CodeQL config\"\u003c/span\u003e\n\n\u003cspan class=\"hljs-attr\"\u003edisable-default-queries:\u003c/span\u003e \u003cspan class=\"hljs-literal\"\u003etrue\u003c/span\u003e\n\n\u003cspan class=\"hljs-attr\"\u003equeries:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003ename:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eUse\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ean\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ein-repository\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eCodeQL\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003epack\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e(run\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003equeries\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ein\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ethe\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003emy-queries\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003edirectory)\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e./my-queries\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003ename:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eUse\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ean\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eexternal\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eJavaScript\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eCodeQL\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003epack\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e(run\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003equeries\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003efrom\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ean\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eexternal\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003erepo)\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eocto-org/javascript-codeql-pack@main\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003ename:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eUse\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ean\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eexternal\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003equery\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e(run\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ea\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003esingle\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003equery\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003efrom\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ean\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eexternal\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eCodeQL\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003epack)\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eocto-org/python-codeql-pack/show_ifs.ql@main\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003ename:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eUse\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ea\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003equery\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003esuite\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003efile\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e(run\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003equeries\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003efrom\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ea\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003equery\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003esuite\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ein\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ethis\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003erepo)\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e./codeql-packs/complex-python-codeql-pack/rootAndBar.qls\u003c/span\u003e\n\n\u003cspan class=\"hljs-attr\"\u003epaths:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003esrc\u003c/span\u003e\n\u003cspan class=\"hljs-attr\"\u003epaths-ignore:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003esrc/node_modules\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e'**/*.test.js'\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe following configuration file only runs queries that generate alerts of severity error. The configuration first selects all the default queries, all queries in \u003ccode\u003e./my-queries\u003c/code\u003e, and the default suite in \u003ccode\u003ecodeql/java-queries\u003c/code\u003e, then excludes all the queries that generate warnings or recommendations.\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-attr\"\u003equeries:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003ename:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eUse\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ean\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ein-repository\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003eCodeQL\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003equery\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003epack\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e(run\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003equeries\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ein\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ethe\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003emy-queries\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003edirectory)\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e./my-queries\u003c/span\u003e\n\u003cspan class=\"hljs-attr\"\u003epacks:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ecodeql/java-queries\u003c/span\u003e\n\u003cspan class=\"hljs-attr\"\u003equery-filters:\u003c/span\u003e\n\u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003eexclude:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003eproblem.severity:\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ewarning\u003c/span\u003e\n \u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003erecommendation\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2 id=\"specifying-configuration-details-using-the-config-input\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#specifying-configuration-details-using-the-config-input\"\u003eSpecifying configuration details using the \u003ccode\u003econfig\u003c/code\u003e input\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h2\u003e\n\u003cp\u003eIf you'd prefer to specify additional configuration details in the workflow file, you can use the \u003ccode\u003econfig\u003c/code\u003e input of the \u003ccode\u003einit\u003c/code\u003e command of the CodeQL action. The value of this input must be a YAML string that follows the configuration file format documented at \"\u003ca href=\"#using-a-custom-configuration-file\"\u003eUsing a custom configuration file\u003c/a\u003e\" above.\u003c/p\u003e\n\u003ch3 id=\"example-configuration\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#example-configuration\"\u003eExample configuration\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cp\u003eThis step in a GitHub Actions workflow file uses a \u003ccode\u003econfig\u003c/code\u003e input to disable the default queries, add the \u003ccode\u003esecurity-extended\u003c/code\u003e query suite, and exclude queries that are tagged with \u003ccode\u003ecwe-020\u003c/code\u003e.\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003egithub/codeql-action/init@v3\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ewith:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003elanguages:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e${{\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ematrix.language\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e}}\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003econfig:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e|\n disable-default-queries: true\n queries:\n - uses: security-extended\n query-filters:\n - exclude:\n tags: /cwe-020/\n\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can use the same approach to specify any valid configuration options in the workflow file.\u003c/p\u003e\n\u003cdiv class=\"ghd-alert ghd-alert-success\"\u003e\u003cp class=\"ghd-alert-title\"\u003e\u003csvg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden\u003e\u003cpath d=\"M8 1.5c-2.363 0-4 1.69-4 3.75 0 .984.424 1.625.984 2.304l.214.253c.223.264.47.556.673.848.284.411.537.896.621 1.49a.75.75 0 0 1-1.484.211c-.04-.282-.163-.547-.37-.847a8.456 8.456 0 0 0-.542-.68c-.084-.1-.173-.205-.268-.32C3.201 7.75 2.5 6.766 2.5 5.25 2.5 2.31 4.863 0 8 0s5.5 2.31 5.5 5.25c0 1.516-.701 2.5-1.328 3.259-.095.115-.184.22-.268.319-.207.245-.383.453-.541.681-.208.3-.33.565-.37.847a.751.751 0 0 1-1.485-.212c.084-.593.337-1.078.621-1.489.203-.292.45-.584.673-.848.075-.088.147-.173.213-.253.561-.679.985-1.32.985-2.304 0-2.06-1.637-3.75-4-3.75ZM5.75 12h4.5a.75.75 0 0 1 0 1.5h-4.5a.75.75 0 0 1 0-1.5ZM6 15.25a.75.75 0 0 1 .75-.75h2.5a.75.75 0 0 1 0 1.5h-2.5a.75.75 0 0 1-.75-.75Z\"\u003e\u003c/path\u003e\u003c/svg\u003eTip\u003c/p\u003e\n\u003cp\u003e\nYou can share one configuration across multiple repositories using GitHub Actions variables. One benefit of this approach is that you can update the configuration in a single place without editing the workflow file.\u003c/p\u003e\n\u003cp\u003eIn the following example, \u003ccode\u003evars.CODEQL_CONF\u003c/code\u003e is a GitHub Actions variable. Its value can be the contents of any valid configuration file. For more information, see \"\u003ca href=\"/en/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows\" _originalHref=\"/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows\"\u003eStore information in variables\u003c/a\u003e.\"\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"hljs language-yaml\"\u003e\u003cspan class=\"hljs-bullet\"\u003e-\u003c/span\u003e \u003cspan class=\"hljs-attr\"\u003euses:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003egithub/codeql-action/init@v3\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003ewith:\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003elanguages:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e${{\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003ematrix.language\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e}}\u003c/span\u003e\n \u003cspan class=\"hljs-attr\"\u003econfig:\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e${{\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003evars.CODEQL_CONF\u003c/span\u003e \u003cspan class=\"hljs-string\"\u003e}}\u003c/span\u003e\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/div\u003e\n\u003ch2 id=\"configuring-code-scanning-for-compiled-languages\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#configuring-code-scanning-for-compiled-languages\"\u003eConfiguring code scanning for compiled languages\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h2\u003e\n\u003cp\u003eFor compiled languages, you can decide how the CodeQL action creates a CodeQL database for analysis. For information about the build options available, see \"\u003ca href=\"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages\" _originalHref=\"/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages\"\u003eCodeQL code scanning for compiled languages\u003c/a\u003e.\"\u003c/p\u003e\n\u003ch2 id=\"uploading-code-scanning-data-to-github\" tabindex=\"-1\"\u003e\u003ca class=\"heading-link\" href=\"#uploading-code-scanning-data-to-github\"\u003eUploading code scanning data to GitHub\u003cspan class=\"heading-link-symbol\" aria-hidden=\"true\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/h2\u003e\n\u003cp\u003eGitHub can display code analysis data generated externally by a third-party tool. You can upload code analysis data with the \u003ccode\u003eupload-sarif\u003c/code\u003e action. For more information, see \"\u003ca href=\"/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github\" _originalHref=\"/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github\"\u003eUploading a SARIF file to GitHub\u003c/a\u003e.\"\u003c/p\u003e","miniTocItems":[{"contents":{"href":"#about-code-scanning-configuration","title":"About code scanning configuration"}},{"contents":{"href":"#editing-a-code-scanning-workflow","title":"Editing a code scanning workflow"}},{"contents":{"href":"#configuring-frequency","title":"Configuring frequency"}},{"contents":{"href":"#specifying-an-operating-system","title":"Specifying an operating system"}},{"contents":{"href":"#specifying-the-location-for-codeql-databases","title":"Specifying the location for CodeQL databases"}},{"contents":{"href":"#changing-the-languages-that-are-analyzed","title":"Changing the languages that are analyzed"}},{"contents":{"href":"#defining-the-alert-severities-that-cause-a-check-failure-for-a-pull-request","title":"Defining the alert severities that cause a check failure for a pull request"}},{"contents":{"href":"#configuring-a-category-for-the-analysis","title":"Configuring a category for the analysis"}},{"contents":{"href":"#extending-codeql-coverage-with-codeql-model-packs","title":"Extending CodeQL coverage with CodeQL model packs"}},{"contents":{"href":"#running-additional-queries","title":"Running additional queries"}},{"contents":{"href":"#using-a-custom-configuration-file","title":"Using a custom configuration file"}},{"contents":{"href":"#specifying-configuration-details-using-the-config-input","title":"Specifying configuration details using the config input"}},{"contents":{"href":"#configuring-code-scanning-for-compiled-languages","title":"Configuring code scanning for compiled languages"}},{"contents":{"href":"#uploading-code-scanning-data-to-github","title":"Uploading code scanning data to GitHub"}}],"permissions":"\u003cp\u003eUsers with \u003cstrong\u003ewrite\u003c/strong\u003e access if \u003ca href=\"/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning\" _originalHref=\"/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning\"\u003eadvanced setup\u003c/a\u003e is already enabled\u003c/p\u003e","includesPlatformSpecificContent":false,"includesToolSpecificContent":false,"defaultPlatform":"","defaultTool":"","product":"","productVideoUrl":"","currentLearningTrack":null,"detectedPlatforms":[],"detectedTools":[],"allTools":{"agents":"Agents","api":"API","azure_data_studio":"Azure Data Studio","bash":"Bash","cli":"GitHub CLI","codespaces":"Codespaces","curl":"curl","desktop":"Desktop","importer_cli":"GitHub Enterprise Importer CLI","javascript":"JavaScript","jetbrains":"JetBrains IDEs","jetbrains_beta":"JetBrains IDEs (Beta)","skillsets":"Skillsets","vimneovim":"Vim/Neovim","powershell":"PowerShell","visualstudio":"Visual Studio","vscode":"Visual Studio Code","webui":"Web browser","windowsterminal":"Windows Terminal","xcode":"Xcode"},"supportPortalVaIframeProps":{"supportPortalUrl":"https://support.github.com","vaFlowUrlParameter":""},"currentLayout":"default"}},"languagesContext":{"languages":{"en":{"name":"English","code":"en"},"zh":{"name":"Simplified Chinese","code":"zh","hreflang":"zh-Hans","nativeName":"简体中文"},"es":{"name":"Spanish","code":"es","nativeName":"Español"},"pt":{"name":"Portuguese","code":"pt","nativeName":"Português do Brasil"},"ru":{"name":"Russian","code":"ru","nativeName":"Русский"},"ja":{"name":"Japanese","code":"ja","nativeName":"日本語"},"fr":{"name":"French","code":"fr","nativeName":"Français"},"de":{"name":"German","code":"de","nativeName":"Deutsch"},"ko":{"name":"Korean","code":"ko","nativeName":"한국어"}}},"__N_SSP":true},"page":"/[versionId]/[productId]/[...restPage]","query":{"versionId":"free-pro-team@latest","productId":"code-security","restPage":["code-scanning","creating-an-advanced-setup-for-code-scanning","customizing-your-advanced-setup-for-code-scanning"]},"buildId":"zlsDNEj4XHFrSHCwIiw66","isFallback":false,"isExperimentalCompile":false,"gssp":true,"appGip":true,"locale":"en","locales":["en","zh","es","pt","ru","ja","fr","de","ko"],"defaultLocale":"en","scriptLoader":[]}</script></body></html>