
GitHub AE is currently under limited release.

Configuring code scanning with CodeQL at scale

You can use a script to configure code scanning for a specific group of repositories in your organization.

Code scanning is available for organization-owned repositories in GitHub AE. This is a GitHub Advanced Security feature (free during the beta release). For more information, see "About GitHub Advanced Security."

About configuring code scanning with CodeQL at scale

To configure code scanning across multiple repositories, you can write a bulk configuration script. To successfully execute the script, GitHub Actions must be enabled for the organization or enterprise.

Using a script to configure code scanning

  1. Identify a group of repositories that can be analyzed using the same code scanning configuration. For example, all repositories that build Java artifacts using the production environment.
  2. Create and test a GitHub Actions workflow to call the CodeQL action with the appropriate configuration. For more information, see "Configuring code scanning."
  3. Use one of the example scripts or create a custom script to add the workflow to each repository in the group.
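
A custom script for step 3 could look like the following added example, which is not one of GitHub's example scripts. It uses the REST API's create-file endpoint; the hostname, repository names, runner label and workflow contents are constructed placeholders, and the token is read from the `GITHUB_TOKEN` environment variable.

```python
import base64, json, os, re, urllib.request
WORKFLOW_PATH = ".github/workflows/codeql-analysis.yml"
# Constructed sample workflow; replace it with the one you tested in step 2.
WORKFLOW = """\
on: [push, pull_request]
jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
      - uses: actions/checkout@v3
      - uses: github/codeql-action/init@v2
        with:
          languages: java
      - uses: github/codeql-action/autobuild@v2
      - uses: github/codeql-action/analyze@v2
"""
REPO_RE = re.compile(r"[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+")

def build_request(api_base, repo, token, workflow=WORKFLOW):
    """Return a PUT request that creates the workflow file in owner/repo."""
    if not REPO_RE.fullmatch(repo) or ".." in repo:
        raise ValueError(f"refusing malformed repository name: {repo!r}")
    body = {
        "message": "Add CodeQL code scanning workflow",
        "content": base64.b64encode(workflow.encode()).decode(),
    }  # no "sha" is sent: the request creates the file, it does not update one
    return urllib.request.Request(
        f"{api_base.rstrip('/')}/repos/{repo}/contents/{WORKFLOW_PATH}",
        data=json.dumps(body).encode(), method="PUT",
        headers={"Authorization": f"token {token}", "Accept": "application/vnd.github+json"})

def configure(api_base, repos, token, send=False):
    """Build one request per repository; touch the network only if send=True."""
    results = []
    for repo in repos:
        req = build_request(api_base, repo, token)
        status = "dry-run"
        if send:
            with urllib.request.urlopen(req) as resp:
                status = resp.status
        results.append((repo, req.full_url, status))
    return results

if __name__ == "__main__":  # hypothetical host and repositories; dry run only
    for row in configure("https://HOSTNAME/api/v3", ["octo-org/payments", "octo-org/billing"],
                         os.environ.get("GITHUB_TOKEN", "")):
        print(*row)
```

Review the dry-run output against the repository group from step 1 before calling `configure` with `send=True`.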