Skip to main content

This version of GitHub Enterprise Server will be discontinued on 2024-06-29. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Alerts found in generated code

When analyzing your code with code scanning, you may wish to build only the code which you wish to analyze.

Note: This article describes the features available with the version of the CodeQL action and associated CodeQL CLI bundle included in the initial release of this version of GitHub Enterprise Server. If your enterprise uses a more recent version of the CodeQL action, see the GitHub Enterprise Cloud version of this article for information on the latest features. For information on using the latest version, see "Configuring code scanning for your appliance."

For compiled languages like Java, Kotlin, Go, C, C++, and C#, CodeQL analyzes all of the code which was built during the workflow run. To limit the amount of code being analyzed, build only the code which you wish to analyze by specifying your own build steps in a run block. You can combine specifying your own build steps with using the paths or paths-ignore filters on the pull_request and push events to ensure that your workflow only runs when specific code is changed. For more information, see "Workflow syntax for GitHub Actions."

For languages like JavaScript, Python, and TypeScript, that CodeQL analyzes without compiling the source code, you can specify additional configuration options to limit the amount of code to analyze. For more information, see "Customizing your advanced setup for code scanning."