With CodeQL code scanning, you can select a specific group of CodeQL queries, called a CodeQL query suite, to run against your code. The following built-in query suites are available through GitHub:
security-extendedquery suite. This suite is referred to as the "Extended" query suite on GitHub.
Currently, both the
default query suite and the
security-extended query suite are available for default setup for code scanning. Additionally, organization owners and security managers can recommend a query suite for use with default setup throughout their organization. For more information on configuring default setup for individual repositories, see "Configuring default setup for code scanning." For more information on configuring default setup at scale and recommending a query suite, see "Configuring default setup for code scanning at scale."
To use a custom query suite, you must configure advanced setup for CodeQL code scanning. For more information on advanced setups and creating a query suite, see "Configuring advanced setup for code scanning" and "Creating CodeQL query suites."
The built-in CodeQL query suites,
security-extended, are created and maintained by GitHub. Both of these query suites are available for every CodeQL-supported language. For more information on CodeQL-supported languages, see "About code scanning with CodeQL."
defaultquery suite is the group of queries run by default in CodeQL code scanning on GitHub.
- The queries in the
defaultquery suite are highly precise and return few false positive code scanning results. Relative to the
security-extendedquery suite, the
defaultsuite returns fewer low-confidence code scanning results.
- This query suite is available for use with default setup for code scanning.
security-extendedquery suite consists of all the queries in the
defaultquery suite, plus additional queries with slightly lower precision and severity.
- Relative to the
defaultquery suite, the
security-extendedsuite may return a greater number of false positive code scanning results.
- This query suite is available for use with default setup for code scanning, and is referred to as the "Extended" query suite on GitHub.