Skip to main content

Configuration des exécuteurs plus volumineux pour l’installation par défaut

Vous pouvez exécuter code scanning l’installation par défaut plus rapidement sur des codebases plus grands en utilisant exécuteurs plus grands.

Qui peut utiliser cette fonctionnalité ?

Les Exécuteur de plus grande taille sont uniquement disponibles pour les organisations et les entreprises qui utilisent les plans GitHub Team ou GitHub Enterprise Cloud.

Code scanning est disponible pour tous les dépôts publics sur GitHub.com. Pour utiliser code scanning dans un dépôt privé appartenant à une organisation, vous devez avoir une licence pour GitHub Advanced Security. Pour plus d’informations, consultez « À propos de GitHub Advanced Security ».

Note: Support for larger runners for code scanning default setup is currently in beta and subject to change.

About larger runners for default setup

Customers on GitHub Team and GitHub Enterprise Cloud plans can choose from a range of managed virtual machines that have more resources than the standard GitHub-hosted runners. These machines are referred to as "larger runner." They offer the following advanced features:

  • More RAM, CPU, and disk space
  • Static IP addresses
  • Azure private networking
  • The ability to group runners
  • Autoscaling to support concurrent workflows
  • GPU-powered and ARM-powered runners

These larger runners are hosted by GitHub and have the runner application and other tools preinstalled. For more information about larger runners, see "About larger runners."

Consider configuring larger runners for default setup if:

  • Your scans with standard GitHub-hosted runners are taking too long.
  • Your scans with standard GitHub-hosted runners are returning memory or disk errors.
  • You want to customize aspects of your code scanning runner like the runner size, runner image, and job concurrency without using self-hosted runners.

Warning: Currently, Swift analysis is not available on larger runners for default setup. Additionally, if your repository has access to a runner with the code-scanning label, such as a larger runner provisioned for default setup, default setup workflows will only use runners labeled code-scanning. If you would like to configure default setup on larger runners and analyze Swift, you have two options:

  • Provision a self-hosted macOS runner with the code-scanning label in addition to your larger runner. For more information, see "Configuring self-hosted runners for code scanning in your enterprise."
  • Ensure any repositories containing Swift do not have access to runners with the label code-scanning. Default setup workflows for that repository will only use standard runners.

Provisioning enterprise-level larger runners for default setup

  1. Add a larger runner to your enterprise. For more information, see "Managing larger runners."
    • To add the code-scanning label to your larger runner, name the runner code-scanning. An enterprise can only have one larger runner named code-scanning, and that runner will handle all code scanning jobs for all organizations and repositories within your enterprise that:
      • Have access to the enterprise-level runner, and
      • Don't have access to an organization-level larger runner named code-scanning. If an organization or repository also has access to an organization-level larger runner named code-scanning, each code scanning job will be randomly assigned to either the organization-level or enterprise-level runner.
  2. To allow organizations to access your larger runner, specify which organizations can use the runner group the runner is assigned to. For more information, see "Controlling access to larger runners."
  3. To analyze repositories with default setup, grant the desired repositories access to the runner group your larger runner is assigned to. For more information, see "Managing larger runners."
  4. You can now configure default setup for your enterprise, organizations, and repositories, and your larger runner will automatically pick up code scanning jobs as previously specified. For more information on configuring default setup, see "Configuring default setup for code scanning" and "Configuring default setup for code scanning at scale."

Provisioning organization-level larger runners for default setup

  1. Add a larger runner to your organization. For more information, see "Managing larger runners."
    • To add the code-scanning label to your larger runner, name the runner code-scanning. An organization can only have one larger runner with the code-scanning label, and that runner will handle all code scanning jobs from repositories within your organization with access to the runner's group.
  2. By default, all repositories in your organization have access to organization-level runners, meaning every repository can use your larger runner. For information on granting only select repositories access to a larger runner, see "Managing larger runners."
  3. You can now configure default setup for your organization and repositories, and your larger runner will automatically pick up code scanning jobs. For more information on configuring default setup, see "Configuring default setup for code scanning" and "Configuring default setup for code scanning at scale."