Using a script to enable advanced setup
For repositories that are not eligible for default setup, you can use a bulk configuration script to enable advanced setup across multiple repositories.
メモ
To successfully execute the script, GitHub Actions must be enabled for the instance.
- Identify a group of repositories that can be analyzed using the same code scanning configuration. For example, all repositories that build Java artifacts using the production environment.
- Create and test a GitHub Actions workflow to call the CodeQL action with the appropriate configuration. For more information, see Configuring advanced setup for code scanning.
- Use one of the example scripts or create a custom script to add the workflow to each repository in the group.
- GitHub CLI extension:
advanced-security/gh-add-files - Python example:
Malwarebytes/ghas-clirepository - NodeJS example:
nickliffen/ghas-enablementrepository - PowerShell example:
jhutchings1/Create-ActionsPRsrepository
- GitHub CLI extension:
Next steps
メモ
CodeQL model packs are currently in beta and subject to change. Model packs are supported for C/C++, C#, Java/Kotlin, Python, and Ruby analysis.
The CodeQL model editor in the CodeQL extension for Visual Studio Code supports modeling dependencies for C#, Java/Kotlin, Python, and Ruby.
If your codebase depends on a library or framework that is not recognized by the standard queries in CodeQL, you can extend the CodeQL coverage in your bulk configuration script by specifying published CodeQL model packs. For more information, see Customizing your advanced setup for code scanning.