
Configuring advanced setup for code scanning with CodeQL at scale

You can use a script to configure advanced setup for code scanning for a specific group of repositories in your organization.

Who can use this feature?

Code scanning is available for all public repositories on GitHub.com. To use code scanning in private repositories owned by organizations, you must have a GitHub Advanced Security license. For more information, see "About GitHub Advanced Security."

About configuring advanced setup for code scanning with CodeQL at scale

If you need to configure a highly customizable code scanning setup for many repositories in your organization, or if repositories in your organization are ineligible for default setup, you can configure code scanning at scale with advanced setup.

To configure advanced setup across multiple repositories, you can write a bulk configuration script. To successfully execute the script, GitHub Actions must be enabled for the organization or enterprise.

Alternatively, if you do not need granular control over the code scanning configuration for many repositories in your organization, you can quickly and easily configure code scanning at scale with default setup. For more information, see "Configuring default setup for code scanning at scale."

Using a script to configure advanced setup

For repositories that are not eligible for default setup, you can use a bulk configuration script to configure advanced setup across multiple repositories.

  1. Identify a group of repositories that can be analyzed using the same code scanning configuration. For example, all repositories that build Java artifacts using the production environment.
  2. Create and test a GitHub Actions workflow to call the CodeQL action with the appropriate configuration. For more information, see "Configuring advanced setup for code scanning."
  3. Use one of the example scripts to create a custom script that adds the workflow to each repository in the group.
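As an added example (not one of the example scripts the page refers to, and not GitHub's own code), a script that carries out step 3 for a constructed group of repositories: it renders one shared CodeQL advanced-setup workflow and commits it to each repository through the GitHub contents API. The `example-org/...` repository names and the token are assumptions; with no token the script only returns the planned requests.

```python
# Added example (not GitHub's own sample script): commit one shared CodeQL
# advanced-setup workflow into each repo of a group. REPOS is a constructed
# list; assumes a token with contents:write on each repo for a real run.
import base64
import json
import urllib.request
REPOS = ["example-org/payments-api", "example-org/ledger-service"]  # constructed
WORKFLOW_PATH = ".github/workflows/codeql.yml"
def render_workflow(languages, build_mode="autobuild", branch="main"):
    """Advanced-setup workflow YAML for one group of repos sharing a config."""
    return f"""name: "CodeQL advanced setup"
on:
  push:
    branches: [ "{branch}" ]
  pull_request:
    branches: [ "{branch}" ]
permissions:
  contents: read
  security-events: write   # required to upload SARIF results
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: {','.join(languages)}
          build-mode: {build_mode}
      - uses: github/codeql-action/analyze@v3
"""

def build_request(repo, workflow_yaml, branch="main"):
    """URL and body for the contents API PUT that creates the workflow file.
    Create only: replacing an existing file also needs its current sha."""
    url = f"https://api.github.com/repos/{repo}/contents/{WORKFLOW_PATH}"
    content = base64.b64encode(workflow_yaml.encode()).decode()
    return url, {"message": "Add CodeQL advanced setup workflow",
                 "content": content, "branch": branch}

def deploy(repos, workflow_yaml, token=None):
    """One PUT per repo; with token=None only the planned requests are returned."""
    planned = [build_request(repo, workflow_yaml) for repo in repos]
    for url, body in (planned if token else []):
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(), method="PUT",
            headers={"Authorization": f"Bearer {token}",
                     "Accept": "application/vnd.github+json"})
        urllib.request.urlopen(req)  # HTTPError on failure, e.g. 422 if file exists
    return planned
```

Review the planned requests from a dry run before passing a token, since each PUT creates a commit on the target branch of every repository in the group.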