About configuring code scanning with CodeQL at scale
To configure code scanning across multiple repositories, you can write a bulk configuration script. To successfully execute the script, GitHub Actions must be enabled for the site.
Using a script to configure code scanning
- Identify a group of repositories that can be analyzed using the same code scanning configuration. For example, all repositories that build Java artifacts using the production environment.
- Create and test a GitHub Actions workflow to call the CodeQL action with the appropriate configuration. For more information, see "Configuring code scanning."
- Use one of the example scripts create a custom script to add the workflow to each repository in the group.
- PowerShell example:
jhutchings1/Create-ActionsPRs
repository - NodeJS example:
nickliffen/ghas-enablement
repository
- PowerShell example: