Изменение конфигурации настройки по умолчанию

В этой статье

You can edit your existing configuration of default setup for code scanning to better meet your code security needs.

Code scanning is available for all public repositories on GitHub.com. Code scanning is also available for private repositories owned by organizations that use GitHub Enterprise Cloud and have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

About editing your configuration of default setup

After running an initial analysis of your code with default setup, you may need to make changes to your configuration to better meet your code security needs. For existing configurations of default setup, you can edit:

  • Which languages default setup will analyze.
  • The query suite run during analysis. For more information on the available query suites, see "Built-in CodeQL query suites."

If your codebase depends on a library or framework that is not recognized by the standard libraries included with CodeQL, you can also extend the CodeQL coverage in default setup using CodeQL model packs. For more information, see "Extending CodeQL coverage with CodeQL model packs in default setup."

If you need to change any other aspects of your code scanning configuration, consider configuring advanced setup. For more information, see "Configuring advanced setup for code scanning."

Customizing your existing configuration of default setup

  1. On GitHub.com, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Code security and analysis.

  4. In the "CodeQL analysis" row of the "Code scanning" section, select , then click View CodeQL configuration.

  5. In the "CodeQL default configuration" window, click Edit.

  6. Optionally, in the "Languages" section, select or deselect languages for analysis.

  7. Optionally, in the "Query suites" section, select a different query suite to run against your code.

  8. To update your configuration, as well as run an initial analysis of your code with the new configuration, click Save changes. All future analyses will use your new configuration.

Extending CodeQL coverage with CodeQL model packs in default setup

Note: Model packs are currently in beta and subject to change. During the beta, model packs are supported only by Java analysis.

If you use frameworks and libraries that are not recognized by the standard libraries included with CodeQL, you can model your dependencies and extend code scanning analysis. For more information, see Supported languages and frameworks in the documentation for CodeQL.

For default setup, you need to define the models of your additional dependencies in a CodeQL model pack in your repository. For more information about CodeQL model packs and writing your own, see Using the CodeQL model editor in the CodeQL documentation.

To use CodeQL model packs with default setup, place them in the .github/codeql/extensions directory. They will be automatically detected and used in your code scanning analysis. If you later change your configuration to use advanced setup, any data extensions in the .github/codeql/extensions directory will still be recognized and used.