
Disabling autofix for code scanning

You can disallow code scanning autofix for an enterprise, or disable autofix at the organization or repository level.

Who can use this feature?

Autofix for code scanning is available only for GitHub Enterprise Cloud users who have GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

Note: GitHub autofix for code scanning is in beta. Functionality and documentation are subject to change. During this phase, the feature is restricted to JavaScript, TypeScript, Python, and Java alerts identified by CodeQL. If you have an enterprise account and use GitHub Advanced Security, your enterprise has access to the beta.

About disabling autofix for code scanning

Code scanning autofix is a GitHub Copilot-powered expansion of code scanning that provides users with targeted recommendations to help them fix code scanning alerts in pull requests so they can avoid introducing new security vulnerabilities. To learn more about autofix for code scanning, see "About autofix for CodeQL code scanning."

Code scanning autofix is allowed by default in an enterprise and enabled for every repository that uses CodeQL, regardless of whether it uses default or advanced setup for code scanning. Administrators at the enterprise, organization, and repository levels can choose to opt out and disable autofix.

Note that disabling autofix at any level will close all open autofix comments from all open pull requests at the level that was disabled. If autofix is disabled and then subsequently enabled, autofix won't automatically suggest any fixes for pull requests that are already open. The suggestions will only be generated for pull requests that are opened after autofix is enabled, or after re-running CodeQL analysis on existing pull requests.

Blocking use of autofix for an enterprise

Enterprise administrators can disallow autofix for their enterprise. If you disallow autofix for an enterprise, autofix cannot be enabled for any organizations or repositories within the enterprise.

Note that allowing autofix for an enterprise does not enforce enablement of autofix, but means that organization and repository administrators will have the option to enable or disable autofix.

Disallowing autofix at the enterprise level will remove all open autofix comments from open pull requests across all repositories of all organizations within the enterprise.

  1. In the top-right corner of GitHub.com, click your profile photo, then click Your enterprises.

  2. In the list of enterprises, click the enterprise you want to view.

  3. In the enterprise account sidebar, click Policies.

  4. Under "Policies", click Code security and analysis.

  5. Under "Autofix for CodeQL code scanning", use the dropdown menu to choose "Not allowed."

Disabling autofix for an organization

If autofix is allowed at the enterprise level, organization administrators have the option to disable autofix for an organization. If you disable autofix for an organization, autofix cannot be enabled for any repositories within the organization.

Note that disabling autofix at the organization level will remove all open autofix comments from open pull requests across all repositories in the organization.

  1. In the upper-right corner of GitHub.com, select your profile photo, then click Your organizations.

    Screenshot of the dropdown menu under @octocat's profile picture. "Your organizations" is outlined in dark orange.

  2. Next to the organization, click Settings.

  3. In the "Security" section of the sidebar, click Code security and analysis.

    Note: If your organization is enrolled in the security configurations and global settings public beta, instead of "Code security and analysis" you will see a "Code security" dropdown menu. Select Code security, then click Global settings. For more information on global settings, see "Configuring global security settings for your organization."

  4. Under the "Code scanning" section, deselect Autofix for CodeQL.

Disabling autofix for a repository

If autofix is allowed at the enterprise level and enabled at the organization level, repository administrators have the option to disable autofix for a repository. Disabling autofix at the repository level will remove all open autofix comments from all open pull requests across the repository.

  1. On GitHub.com, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Code security and analysis.

  4. In the "Code scanning" section, deselect Autofix for CodeQL.