Skip to main content

Troubleshooting your default setup for CodeQL

If you're having problems with the default code scanning setup, you can troubleshoot by using these tips for resolving issues.

Code scanning is available for all public repositories on GitHub.com. Code scanning is also available for private repositories owned by organizations that use GitHub Enterprise Cloud and have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

Disabling a pre-existing CodeQL workflow

If you see two workflows named CodeQL, you need to disable the workflow triggered by your pre-existing CodeQL workflow file. Navigate to the main page of your repository, then click Actions. In the sidebar, find the two workflows named CodeQL, then open both workflows. Following the workflow title, look for a link to the workflow file. This file will likely be named codeql.yml or codeql-analysis.yml. Once you have found the CodeQL workflow with an associated workflow file, select on the workflow summary page, then click Disable workflow. For more information about disabling workflows, see "Disabling and enabling a workflow."

Using more GitHub Actions minutes than expected

If a repository uses more GitHub Actions minutes than expected, and you previously scanned the repository using the advanced setup for CodeQL, your pre-existing workflow file may be running in addition to the default CodeQL setup. For more information on disabling your pre-existing workflow file, see "Disabling a pre-existing CodeQL workflow."

Optionally, if you are certain you no longer need the pre-existing workflow file, you can instead delete the file from your repository. For more information, see "Deleting files in a repository."

Enabling the default setup takes too long

If enabling your default setup is taking too long, try canceling the workflow run and restarting the setup. To restart your setup, navigate to the main page of your repository, then click Actions. Click the CodeQL workflow run that's in progress, then click Cancel workflow. Once appears beside the workflow run name, navigate back to the Code security and analysis settings and re-enable the default setup. If the default setup continues to stall, please contact GitHub Support or try enabling the advanced setup. For more information, see "Configuring code scanning for a repository."

Unclear what triggered a workflow run

If you don't know what triggered an analysis, look at the log for the last scan. For more information on viewing your last scan's log, see "Viewing code scanning logs."