存储库正在使用现有高级设置进行代码扫描

尝试将启用了默认代码扫描的 security configuration 附加到对代码扫描使用高级设置的存储库时出现错误。

谁可以使用此功能?

具有管理员角色的组织所有者、安全管理员和组织成员

本文内容

About the problem

You cannot successfully apply a security configuration with code scanning default setup set to "Enabled" to a target repository that has an active configuration of advanced setup for code scanning. Advanced setups are tailored to the specific security needs of the repositories they are applied to, so they are not intended to be overridden at scale.

Active advanced setup

If you try to attach a security configuration with code scanning set to "Enabled" to a repository that already uses advanced setup, security settings will be applied as follows:

  • Code scanning default setup will not be enabled, and advanced setup will continue to run as normal.
  • All other security features enabled in the configuration will be enabled.
  • The security configuration will not be attached to the repository, since only some features from the configuration are enabled.

Inactive or absent advanced setup

Advanced setup is considered inactive for a repository if the repository meets any of the following criteria:

  • The latest CodeQL analysis is more than 90 days old.
  • All CodeQL configurations have been deleted.
  • The workflow file has been deleted or disabled (exclusively for advanced setup run using actions).

If there is no advanced setup or the advanced setup is inactive, then default setup is enabled and the security configuration applied as expected.

Solving the problem

There are three ways you could solve this problem:

  1. Change the Default setup option from "Enabled" to "Enabled with advanced setup allowed" in the security configuration. Option available from GitHub Enterprise Server 3.19. After editing your security configuration, reapply it to the repositories. For more information, see Applying a custom security configuration.
  2. Update the affected repositories to use default setup for code scanning at the repository level and then reapply your security configuration to the repositories. For more information, see Configuring default setup for code scanning.
  3. Create a new custom security configuration that does not include a setting for code scanning and apply this security configuration to repositories that use advanced setup. For more information, see Creating a custom security configuration.