This version of GitHub Enterprise Server will be discontinued on 2024-03-07. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Configuring code scanning with CodeQL at scale

You can use a script to configure code scanning for a specific group of repositories in your organization.

Who can use this feature?

Code scanning is available for organization-owned repositories in GitHub Enterprise Server. This feature requires a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

About configuring code scanning with CodeQL at scale

To configure code scanning across multiple repositories, you can write a bulk configuration script. To successfully execute the script, GitHub Actions must be enabled for the site.

Using a script to configure code scanning

  1. Identify a group of repositories that can be analyzed using the same code scanning configuration. For example, all repositories that build Java artifacts using the production environment.
  2. Create and test a GitHub Actions workflow to call the CodeQL action with the appropriate configuration. For more information, see "Configuring code scanning."
  3. Use one of the example scripts or create a custom script to add the workflow to each repository in the group.
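
As an illustration of step 3, the following is an added example (not one of GitHub's example scripts) of a custom script that commits the same CodeQL workflow to each repository in a group through the REST API's repository contents endpoint. It assumes a token that can write workflow files, a default branch named `main`, a runner labeled `ubuntu-latest`, and `HOSTNAME` as a placeholder for your instance; the function names are hypothetical.

```python
import base64, json, urllib.error, urllib.request

API = "https://HOSTNAME/api/v3"  # placeholder: replace HOSTNAME with your instance
PATH = ".github/workflows/codeql.yml"
# Assumed workflow for the Java group: branch name and runner label are assumptions.
WORKFLOW = """\
name: CodeQL
on:
  push: {branches: [main]}
  pull_request: {branches: [main]}
jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions: {security-events: write, contents: read}
    steps:
      - uses: actions/checkout@v3
      - uses: github/codeql-action/init@v2
        with: {languages: java}
      - uses: github/codeql-action/autobuild@v2
      - uses: github/codeql-action/analyze@v2
"""

def call(method, url, token, body=None):
    """Send one REST request; return (HTTP status, parsed JSON or None)."""
    req = urllib.request.Request(
        url, method=method, data=json.dumps(body).encode() if body else None,
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/vnd.github+json",
                 "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None

def add_workflow(repo, token, send=call):
    """Commit WORKFLOW to the default branch unless PATH already exists."""
    url = f"{API}/repos/{repo}/contents/{PATH}"
    status, _ = send("GET", url, token)
    if status == 200:  # never overwrite a workflow a team already tuned
        return "skipped: workflow exists"
    if status != 404:  # e.g. 401/403: token lacks access to this repository
        return f"error: HTTP {status}"
    body = {"message": "Add CodeQL code scanning workflow",
            "content": base64.b64encode(WORKFLOW.encode()).decode()}
    status, _ = send("PUT", url, token, body)
    return "added" if status == 201 else f"error: HTTP {status}"

def rollout(repos, token, send=call):
    """Apply the workflow to every 'owner/name' in repos; report per repo."""
    return {repo: add_workflow(repo, token, send) for repo in repos}
```

Call `rollout(["ORG/REPO-1", "ORG/REPO-2"], token)` with the repositories identified in step 1 and review the returned per-repository status before treating the group as covered.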