If you are on a free, pro, or team plan, you can only use code scanning on repositories that are publically available. To enable code scanning for private or internal repositories, you must upgrade to GitHub Enterprise with GitHub Advanced Security and enable GitHub Advanced Security for the repository. For more information, see "GitHub’s plans" and "About GitHub Advanced Security."
Cannot enable CodeQL in a private repository
GitHub Advanced Security must be enabled in order to use code scanning on private repositories.