Skip to main content

This version of GitHub Enterprise Server was discontinued on 2024-09-25. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Configuring advanced setup for code scanning with CodeQL at scale

You can use a script to configure advanced setup for code scanning for a specific group of repositories in your organization.

Who can use this feature?

Organization owners, security managers, and organization members with the admin role

Organization-owned repositories with GitHub Advanced Security enabled

About enabling advanced setup for code scanning with CodeQL at scale

If you need to configure a highly customizable code scanning setup for many repositories in your organization, or if repositories in your organization are ineligible for default setup, you can enable code scanning at scale with advanced setup.

To enable advanced setup across multiple repositories, you can write a bulk configuration script. To successfully execute the script, GitHub Actions must be enabled for the site.

Alternatively, if you do not need granular control over the code scanning configuration for many repositories in your organization, you can quickly and easily configure code scanning at scale with default setup. For more information, see Configuring default setup for code scanning at scale.

Using a script to enable advanced setup

For repositories that are not eligible for default setup, you can use a bulk configuration script to enable advanced setup across multiple repositories.

  1. Identify a group of repositories that can be analyzed using the same code scanning configuration. For example, all repositories that build Java artifacts using the production environment.
  2. Create and test a GitHub Actions workflow to call the CodeQL action with the appropriate configuration. For more information, see Configuring advanced setup for code scanning.
  3. Use one of the example scripts or create a custom script to add the workflow to each repository in the group.