Skip to main content

This version of GitHub Enterprise Server was discontinued on 2023-09-25. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Troubleshooting code scanning

When analyzing your code with code scanning, you may need to troubleshoot unexpected issues.

Error: "Advanced Security must be enabled for this repository to use code scanning"

If you see this error, make sure that GitHub Advanced Security is enabled.

Alerts found in generated code

When analyzing your code with code scanning, you may wish to build only the code which you wish to analyze.

Code scanning analysis takes too long

You can fine tune your code scanning configuration to minimize analysis time.

Automatic build failed for a compiled language

If automatic build fails, you can configure code scanning to use specific build steps for compiled languages.

Cannot enable CodeQL in a private repository

GitHub Advanced Security must be enabled in order to use code scanning on private repositories.

Extraction errors in the database

You can check whether or not extraction errors affect the health of the CodeQL database created.

CodeQL scanned fewer lines than expected

If CodeQL analyzed less code than than you expected, you may need to use a custom build command.

Logs are not detailed enough

If you'd like to increase the level of detail in your logs, try these steps.

Error: "No source code was seen during the build"

When CodeQL fails to find any source code, you need to resolve this problem to unblock code scanning analysis.

Error: "is not a .ql file, .qls file, a directory, or a query pack specification"

CodeQL was unable to locate one of the queries or sets of queries that are specified for analysis.

Error: "Out of disk" or Error: "Out of memory"

If you see one of these errors with GitHub Actions, try reviewing the specifications of your self-hosted runners.

Some languages were not analyzed with CodeQL advanced setup

If some languages were not analyzed, you can modify your code scanning workflow to add a matrix specifying the languages you want to analyze.

Warning: "1 issue was detected with this workflow: git checkout HEAD^2 is no longer necessary"

If you see this warning, you should update your workflow to follow current best practice.