About the problem
You cannot successfully apply a security configuration with code scanning default setup set to "Enabled" to a target repository that has an active configuration of advanced setup for code scanning. Advanced setups are tailored to the specific security needs of the repositories they are applied to, so they are not intended to be overridden at scale.
Active advanced setup
If you try to attach a security configuration with code scanning set to "Enabled" to a repository that already uses advanced setup, security settings will be applied as follows:
- Code scanning default setup will not be enabled, and advanced setup will continue to run as normal.
- All other security features enabled in the configuration will be enabled.
- The security configuration will not be attached to the repository, since only some features from the configuration are enabled.
Inactive or absent advanced setup
An advanced setup is considered inactive for a repository if the repository meets any of the following criteria:
- The latest CodeQL analysis is more than 90 days old.
- All CodeQL configurations have been deleted.
- The workflow file has been deleted or disabled (only for advanced setup that runs through Actions).
If there is no advanced setup or the advanced setup is inactive, then default setup is enabled and the security configuration is applied as expected.
Solving the problem
There are three ways you could solve this problem:
- Change the Default setup option from "Enabled" to "Enabled with advanced setup allowed" in the security configuration. This option is available from GitHub Enterprise Server 3.19. After editing your security configuration, reapply it to the repositories. For more information, see Applying a custom security configuration.
- Update the affected repositories to use default setup for code scanning at the repository level and then reapply your security configuration to the repositories. For more information, see Configuring default setup for code scanning.
- Create a new custom security configuration that does not include a setting for code scanning and apply this security configuration to repositories that use advanced setup. For more information, see Creating a custom security configuration.
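The following added example (not part of the GitHub documentation) applies the inactivity criteria above to an inventory of repositories to list which ones would block a configuration whose Default setup option is "Enabled". The record fields (`codeql_analyses`, `runs_via_actions`, `workflow_state`) and the sample data are assumptions constructed for this sketch; an empty `codeql_analyses` list stands for both an absent advanced setup and deleted CodeQL configurations.

```python
from datetime import datetime, timedelta, timezone

INACTIVE_AFTER = timedelta(days=90)  # "latest CodeQL analysis is more than 90 days old"

def advanced_setup_active(repo, now):
    """Apply the inactivity criteria to one (hypothetical) repository record."""
    analyses = repo["codeql_analyses"]
    if not analyses:                   # no advanced setup, or all configurations deleted
        return False
    latest = max(datetime.fromisoformat(ts) for ts in analyses)
    if now - latest > INACTIVE_AFTER:  # stale analysis
        return False
    # The workflow criterion applies only to advanced setup that runs through Actions.
    if repo["runs_via_actions"] and repo["workflow_state"] != "active":
        return False
    return True

def will_attach(repo, default_setup_option, now):
    """Only the "Enabled" option conflicts with an active advanced setup."""
    if default_setup_option != "Enabled":
        return True
    return not advanced_setup_active(repo, now)

def blocked_repos(repos, default_setup_option, now):
    """Names of repositories the configuration would not be attached to."""
    return [r["name"] for r in repos if not will_attach(r, default_setup_option, now)]

# Constructed sample inventory; timestamps are ISO 8601 with an explicit UTC offset.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
REPOS = [
    {"name": "api", "codeql_analyses": ["2025-05-20T08:00:00+00:00"],
     "runs_via_actions": True, "workflow_state": "active"},
    {"name": "legacy", "codeql_analyses": ["2025-01-15T08:00:00+00:00"],
     "runs_via_actions": True, "workflow_state": "active"},
    {"name": "docs", "codeql_analyses": [],
     "runs_via_actions": False, "workflow_state": None},
    {"name": "batch", "codeql_analyses": ["2025-05-30T08:00:00+00:00"],
     "runs_via_actions": True, "workflow_state": "disabled"},
    {"name": "ext-ci", "codeql_analyses": ["2025-05-28T08:00:00+00:00"],
     "runs_via_actions": False, "workflow_state": None},
]

if __name__ == "__main__":
    for option in ("Enabled", "Enabled with advanced setup allowed"):
        print(option, "->", blocked_repos(REPOS, option, NOW))
```

Repositories reported for "Enabled" are the candidates for one of the three fixes listed above before the configuration is reapplied.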