Troubleshooting code scanning
When analyzing your code with code scanning, you may need to troubleshoot unexpected issues.
If you see this error, make sure that GitHub Advanced Security is enabled.
When analyzing your code with code scanning, you may wish to build only the code which you wish to analyze.
You can fine tune your code scanning configuration to minimize analysis time.
If automatic build fails, you can configure code scanning to use specific build steps for compiled languages.
GitHub Advanced Security must be enabled in order to use code scanning on private repositories.
If you think that enabling default setup has stalled, you can restart the process.
You can check whether or not extraction errors affect the health of the CodeQL database created.
If CodeQL analyzed less code than than you expected, you may need to use a custom build command.
If you'd like to increase the level of detail in your logs, try these steps.
When CodeQL fails to find any source code, you need to resolve this problem to unblock code scanning analysis.
CodeQL was unable to locate one of the queries or sets of queries that are specified for analysis.
If you see one of these errors with GitHub Actions, you can try alternative runners.
This error may be seen on pull requests created by Dependabot and can be resolved in a couple of different ways.
If your code scanning results are different than you expected, you can check which configurations are active.
You may see different results depending on whether you run the CodeQL analysis workflow on Linux, macOS, or Windows.
If you see this error, it may be transient. Check the current GitHub Actions service status, and try running your workflow again.
If some languages were not analyzed, you can modify your code scanning workflow to add a matrix specifying the languages you want to analyze.
If you see two workflows named "CodeQL", one workflow may be a pre-existing CodeQL workflow file which has been disabled by default setup.
If you don't know what triggered an analysis, investigate the tool status page or look at the log for the last scan.
If you see this warning, you should update your workflow to follow current best practice.