About CodeQL query suites
With CodeQL code scanning, you can select a specific group of CodeQL queries, called a CodeQL query suite, to run against your code. The following built-in query suites are available through GitHub:
default
query suite.security-extended
query suite. This suite is referred to as the "Extended" query suite on GitHub.
Currently, both the default
query suite and the security-extended
query suite are available for default setup for code scanning. Additionally, organization owners and security managers can recommend a query suite for use with default setup throughout their organization. For more information on configuring default setup for individual repositories, see Configuring default setup for code scanning. For more information on configuring default setup at scale and recommending a query suite, see Configuring default setup for code scanning at scale.
To use a custom query suite, you must configure advanced setup for CodeQL code scanning. For more information on advanced setups and creating a query suite, see Configuring advanced setup for code scanning and Creating CodeQL query suites.
Built-in CodeQL query suites
The built-in CodeQL query suites, default
and security-extended
, are created and maintained by GitHub. Both of these query suites are available for every CodeQL-supported language. For more information on CodeQL-supported languages, see About code scanning with CodeQL.
default
query suite
- The
default
query suite is the group of queries run by default in CodeQL code scanning on GitHub. - The queries in the
default
query suite are highly precise and return few false positive code scanning results. Relative to thesecurity-extended
query suite, thedefault
suite returns fewer low-confidence code scanning results. - This query suite is available for use with default setup for code scanning.
security-extended
query suite
- The
security-extended
query suite consists of all the queries in thedefault
query suite, plus additional queries with slightly lower precision and severity. - Relative to the
default
query suite, thesecurity-extended
suite may return a greater number of false positive code scanning results. - This query suite is available for use with default setup for code scanning, and is referred to as the "Extended" query suite on GitHub.
Query lists for the default query suites
For each language, the following article lists which queries are included in the default
and the security-extended
suites. Where Copilot Autofix is available for a language, details of which queries are supported are also included.
- "C and C++ queries for CodeQL analysis"
- "C# queries for CodeQL analysis"
- "Go queries for CodeQL analysis"
- "Java and Kotlin queries for CodeQL analysis"
- "JavaScript and TypeScript queries for CodeQL analysis"
- "Python queries for CodeQL analysis"
- "Ruby queries for CodeQL analysis"
- "Swift queries for CodeQL analysis"