About the problem
When you apply a security configuration and code scanning is defined as "Enabled with advanced setup allowed", each repository is checked to see if there is an existing, active, advanced setup.
- No change to code scanning if an active advanced setup configuration is detected.
- Default setup is enabled for repositories where advanced setup is inactive or absent.
Inactive or absent advanced setup
Advanced setup is considered inactive for a repository when the repository meets the following conditions:
- The most recent CodeQL analysis is more than 90 days old.
- All CodeQL configurations have been deleted.
- The workflow file has been deleted or disabled (applies only when advanced setup is run using Actions).
Solving the problem
This solution has two parts:
- Any repositories where default setup for code scanning was unexpectedly applied need to run CodeQL analysis at intervals of less than 90 days, for example, once a month. Even if the repository is not under active development, new vulnerabilities may be identified by updates to CodeQL analysis.
- Once the affected repositories all have CodeQL analysis running, you can reapply the security configuration.