Skip to main content

Two CodeQL workflows

If you see two workflows named "CodeQL", one workflow may be a pre-existing CodeQL workflow file which has been disabled by default setup.

Note: This article describes the features available with the version of the CodeQL action and associated CodeQL CLI bundle included in the initial release of this version of GitHub Enterprise Server. If your enterprise uses a more recent version of the CodeQL action, see the GitHub Enterprise Cloud version of this article for information on the latest features. For information on using the latest version, see "Configuring code scanning for your appliance."

Default setup overrides existing CodeQL setups by disabling any existing CodeQL workflows, and blocking any CodeQL analysis API uploads. This behavior stops you using GitHub Actions minutes to run workflows for CodeQL advanced setup when only the results from default setup will be used. For more information about switching between advanced and default setups, see "Results are different than expected."

Optionally, if you are certain you no longer need the pre-existing workflow file, you can delete the file from your repository. For more information, see "Deleting files in a repository."

In some cases, your repository may use multiple code scanning configurations. These configurations can generate duplicate alerts. Additionally, stale configurations that no longer run will display outdated alert statuses, and the stale alerts will stay open indefinitely. To avoid outdated alerts, you should remove stale code scanning configurations from a branch. For more information on multiple configurations and deleting stale configurations, see "About code scanning alerts" and "Managing code scanning alerts for your repository."