About default setup
Default setup for code scanning is the quickest, easiest, most low-maintenance way to enable code scanning for your repository. Based on the code in your repository, default setup will automatically create a custom code scanning configuration. After enabling default setup, the code written in CodeQL-supported languages in your repository will be scanned:
- On each push to the repository's default branch, or any protected branch. For more information on protected branches, see About protected branches.
- When creating or committing to a pull request based against the repository's default branch, or any protected branch, excluding pull requests from forks.
- On a weekly schedule.
If you need more granular control over your code scanning configuration, you should instead configure advanced setup.
Supported languages
We recommend enabling default setup for eligible repositories if there is any chance the repositories will include at least one CodeQL-supported language in the future. If you enable default setup on a repository that does not include any CodeQL-supported languages, default setup will not run any scans or use any GitHub Actions minutes. If CodeQL-supported languages are added to the repository's default branch, default setup will automatically begin scanning the CodeQL-supported languages and using GitHub Actions minutes. For more information on CodeQL-supported languages, see About code scanning with CodeQL.
If the code in a repository changes to include any CodeQL-supported languages, GitHub will automatically update the code scanning configuration to include the new language. If code scanning fails with the new configuration, GitHub will resume the previous configuration automatically so the repository does not lose code scanning coverage.
Available runners
You can use default setup for all CodeQL-supported languages on self-hosted runners or GitHub-hosted runners.
You can assign self-hosted runners for default setup by giving the runners the default code-scanning label, or you can optionally give them custom labels so that individual repositories can use different runners.
Unless you have a specific use case, we recommend that you only assign runners with the default code-scanning label. However, you may want to use custom labels to:
- Assign more powerful self-hosted runners to critical repositories for faster code scanning analysis.
- Run your code scanning analyses on a particular platform (for example, macOS).
- Have granular control over the workload for your GitHub-hosted runners and self-hosted runners.
About advanced setup
Advanced setup for code scanning is helpful when you need to customize your code scanning. By creating and editing a workflow file, you can define how to build compiled languages, choose which queries to run, select the languages to scan, use a matrix build, and more. You also have access to all the options for controlling workflows, for example: changing the scan schedule, defining workflow triggers, and specifying specialist runners to use.
Your site administrator can also make third-party actions available to users for code scanning, by setting up GitHub Connect. For more information, see Configuring code scanning for your appliance.
If you run code scanning using multiple configurations, an alert will sometimes have multiple analysis origins. If an alert has multiple analysis origins, you can view the status of the alert for each analysis origin on the alert page. For more information, see About code scanning alerts.
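The following workflow file is an added example of what an advanced setup can look like; it is not taken from this page or from GitHub's own templates. It reproduces the three default setup triggers (push, pull request, weekly schedule), uses a matrix build, selects a broader query suite, and tags each upload with a `category` so results from different configurations stay distinguishable. The branch name, languages, cron time, runner label, and action versions are assumptions to adjust for your repository and instance.

```yaml
# Added example: advanced setup workflow, e.g. .github/workflows/codeql.yml
name: "CodeQL (advanced setup)"

on:
  push:
    branches: [main]            # assumption: the default branch is "main"
  pull_request:
    branches: [main]
  schedule:
    - cron: "30 2 * * 1"        # weekly, Mondays 02:30 UTC (constructed value)

permissions:
  contents: read                # workflow-wide default: read-only token

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest      # assumption: swap for your self-hosted runner label
    permissions:
      contents: read
      security-events: write    # needed to upload code scanning results
    strategy:
      fail-fast: false          # one language failing should not cancel the others
      matrix:
        language: [javascript, java]   # assumption: languages present in the repo
    steps:
      - name: Check out repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          queries: security-extended   # broader suite than the default queries

      # Compiled languages need a build. Replace this step with explicit
      # build commands if autobuild cannot build the project.
      - name: Autobuild
        if: matrix.language == 'java'
        uses: github/codeql-action/autobuild@v3

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```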
Next steps
You can enable default setup for a single repository, multiple repositories, or all repositories in an organization at the same time.
- For a single repository, see Configuring default setup for code scanning.
- For bulk enablement, see Configuring default setup for code scanning at scale.
To configure advanced setup instead, see Configuring advanced setup for code scanning.