About CodeQL query suites
With CodeQL code scanning, you can select a specific group of CodeQL queries, called a CodeQL query suite, to run against your code. The following built-in query suites are available through GitHub:
- the `default` query suite.
- the `security-extended` query suite.
Currently, both the `default` query suite and the `security-extended` query suite are available for the default setup for code scanning. For more information on the default setup, see "Configuring code scanning for a repository."
To use a custom query suite, you must create an advanced setup for CodeQL code scanning. For more information on advanced setups and creating a query suite, see "Configuring code scanning for a repository" and "Creating CodeQL query suites."
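The following workflow is an added example, not taken from the GitHub documentation, of what an advanced setup looks like when you want to switch from the `default` suite to the built-in `security-extended` suite: the suite is selected through the `queries` input of the `github/codeql-action/init` step. The repository language (`javascript`) and the branch name (`main`) are assumptions for illustration.

```yaml
# Added example: minimal advanced-setup workflow that runs the
# security-extended query suite. The language and branch are assumed.
name: "CodeQL (security-extended)"

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # required to upload results to code scanning
      contents: read

    steps:
      - uses: actions/checkout@v4

      - uses: github/codeql-action/init@v3
        with:
          languages: javascript
          # Select the built-in suite. Leaving this input out runs the default suite.
          # "security-extended" replaces any queries listed in a config file;
          # "+security-extended" adds the suite on top of them.
          queries: security-extended

      - uses: github/codeql-action/analyze@v3
```

Expect a larger alert count after the switch: the extra queries are the lower-precision ones, so plan for a triage pass rather than treating every new alert as a regression.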
Built-in CodeQL query suites
The built-in CodeQL query suites, `default` and `security-extended`, are created and maintained by GitHub. Both of these query suites are available for every CodeQL-supported language. For more information on CodeQL-supported languages, see "About code scanning with CodeQL."
`default` query suite
- The `default` query suite is the group of queries run by default in CodeQL code scanning on GitHub.
- The queries in the `default` query suite are highly precise and return few false positive code scanning results. Relative to the `security-extended` query suite, the `default` suite returns fewer low-confidence code scanning results.
- This query suite is available for use with the default setup for code scanning.
`security-extended` query suite
- The `security-extended` query suite consists of all the queries in the `default` query suite, plus additional queries with slightly lower precision and severity.
- Relative to the `default` query suite, the `security-extended` suite may return a greater number of false positive code scanning results.
- This query suite is available for use with the default setup for code scanning.