
CodeQL query suites

You can choose from different built-in CodeQL query suites to use in your CodeQL code scanning setup.

Who can use this feature?

CodeQL is available for the following repository types:

About CodeQL query suites

With CodeQL code scanning, you can select a specific group of CodeQL queries, called a CodeQL query suite, to run against your code. The following built-in query suites are available through GitHub:

  • default query suite.
  • security-extended query suite. This suite is referred to as the "Extended" query suite on GitHub.

Currently, both the default query suite and the security-extended query suite are available for default setup for code scanning. Additionally, organization owners and security managers can recommend a query suite for use with default setup throughout their organization. For more information on configuring default setup for individual repositories, see Configuring default setup for code scanning. For more information on configuring default setup at scale and recommending a query suite, see Configuring default setup for code scanning at scale.

To use a custom query suite, you must configure advanced setup for CodeQL code scanning. For more information on advanced setup and on creating a query suite, see Configuring advanced setup for code scanning and Creating CodeQL query suites.
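As an added illustration (not from this page or from GitHub's own docs), the following advanced-setup workflow selects the built-in security-extended suite by name in the CodeQL init step; the workflow name, trigger branches and analyzed language are assumptions:

```yaml
# Added example: an advanced-setup code scanning workflow that runs the
# security-extended suite instead of the default suite.
# Branch names and the language list are placeholders.
name: "CodeQL (security-extended)"
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # required to upload code scanning results
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript   # assumed language for this example
          # Built-in suite name from this page. Leaving this key out runs the
          # default suite; prefixing the name with "+" appends the suite to
          # queries configured elsewhere instead of replacing them.
          queries: security-extended
      - uses: github/codeql-action/analyze@v3
```

Expect more low-confidence alerts than with the default suite, as the page notes, so review the first run's results before gating pull requests on them.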

Built-in CodeQL query suites

The built-in CodeQL query suites, default and security-extended, are created and maintained by GitHub. Both of these query suites are available for every CodeQL-supported language. For more information on CodeQL-supported languages, see About code scanning with CodeQL.

default query suite

  • The default query suite is the group of queries run by default in CodeQL code scanning on GitHub.
  • The queries in the default query suite are highly precise and return few false positive code scanning results. Relative to the security-extended query suite, the default suite returns fewer low-confidence code scanning results.
  • This query suite is available for use with default setup for code scanning.

security-extended query suite

  • The security-extended query suite consists of all the queries in the default query suite, plus additional queries with slightly lower precision and severity.
  • Relative to the default query suite, the security-extended suite may return a greater number of false positive code scanning results.
  • This query suite is available for use with default setup for code scanning, and is referred to as the "Extended" query suite on GitHub.

For a complete list of queries included in each query suite for every language, see Queries for CodeQL analysis.

Further reading