🛡️ Security Configurations: Run CodeQL with Default or Advanced Setup

[ghostinhershell]

Security configurations now support running CodeQL with either the default or advanced setup!

---

✨ What’s new?

• You can choose between default setup and advanced setup for CodeQL directly from your security configurations.

👥 Who is impacted?

• Anyone using CodeQL for code scanning and managing security configurations in their repositories.

💡 Why does this matter?

• This gives you flexibility to pick the setup that fits your project—whether you want simplicity or need more customization.

---

📚 Learn more

For more details, check out the GitHub Blog Changelog post.

---

💬 Questions or feedback?

Are you using the new setup options for CodeQL, or do you have questions about configuring code scanning? Add your thoughts below! If you found this post from the Blog article, you’re in the right place to connect with the GitHub Community team and product experts.

Let’s keep code security flexible and effective! 🔒✨

[amilochau]

Hey! That's a perfect feature to start with default settings for new repositories, ensuring that all repos have CodeQL enabled, but let repository owners define an advanced configuration. Thanks for that improvement!

However, I'm having trouble making it work. Although I now see the "Switch to advanced" option in the repository settings, the process fails because CodeQL can't be disabled ("Failed to disable code scanning default setup.") - which seems to be required to configure CodeQL Advanced settings. It's possible I’m missing something, but the current behavior isn’t what I expected. 😓

[ghostinhershell]

Hi @amilochau!

Is this still an issue for you? If so, try the following steps:

Steps to Fix the Error

1. Check the Current Configuration:

• Navigate to the repository's Settings.
• Under the Security section, click Advanced Security.
• Confirm whether the repository is currently using the Default setup for CodeQL analysis. If the Switch to advanced option is visible, it indicates that the default setup is active.

2. Disable Default Setup:

• In the Advanced Security settings, next to CodeQL analysis, click the menu (three dots) and select Disable CodeQL.
• If this action fails again, ensure there are no ongoing CodeQL workflows in the Actions tab. Cancel any running workflows related to CodeQL.

3. Clear Stale Configurations:

• If the repository has multiple configurations (e.g., both default and advanced setups), stale configurations might cause conflicts.
• Remove any stale configurations by following the steps in Resolving code scanning alerts.

4. Reapply the Security Configuration:

• After disabling the default setup, reapply the security configuration with the desired settings.
• Ensure that the configuration allows for advanced setup if you plan to use it.

5. Enable Advanced Setup:

• Once the default setup is disabled, navigate back to the Advanced Security settings.
• Select Set up > Advanced to enable advanced setup for CodeQL analysis.
• Customize the workflow file as needed and commit it to the repository.

6. Retry the Process:

• If the error persists, try re-enabling and then disabling the default setup to reset the configuration.

---

If that doesn't work, I recommend opening a ticket on our Support page as this may need to be investigated by someone on our engineering team.