| title | shortTitle | intro | product | versions | redirect_from | type | topics |
|---|---|---|---|---|---|---|---|
| CodeQL query suites | CodeQL query suites | You can choose from different built-in {% data variables.product.prodname_codeql %} query suites to use in your {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} setup. | {% data reusables.gated-features.codeql %} | | | reference | |

With {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you can select a specific group of {% data variables.product.prodname_codeql %} queries, called a {% data variables.product.prodname_codeql %} query suite, to run against your code. The following built-in query suites are available through {% data variables.product.prodname_dotcom %}:

- `default` query suite.
- `security-extended` query suite. This suite is referred to as the "Extended" query suite on {% data variables.product.prodname_dotcom %}.

Currently, both the `default` query suite and the `security-extended` query suite are available for default setup for {% data variables.product.prodname_code_scanning %}. {% ifversion bulk-code-scanning-query-suite %}Additionally, organization owners and security managers can recommend a query suite for use with default setup throughout their organization. For more information on configuring default setup for individual repositories, see "AUTOTITLE." For more information on configuring default setup at scale and recommending a query suite, see "AUTOTITLE."{% else %}For more information on default setup, see "AUTOTITLE" and "AUTOTITLE."{% endif %}

To use a custom query suite, you must configure advanced setup for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}. For more information on advanced setups and creating a query suite, see "AUTOTITLE" and "AUTOTITLE."

The built-in {% data variables.product.prodname_codeql %} query suites, `default` and `security-extended`, are created and maintained by {% data variables.product.prodname_dotcom %}. Both of these query suites are available for every {% data variables.product.prodname_codeql %}-supported language. For more information on {% data variables.product.prodname_codeql %}-supported languages, see "AUTOTITLE."

- The `default` query suite is the group of queries run by default in {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} on {% data variables.product.prodname_dotcom %}.
  - The queries in the `default` query suite are highly precise and return few false positive {% data variables.product.prodname_code_scanning %} results. Relative to the `security-extended` query suite, the `default` suite returns fewer low-confidence {% data variables.product.prodname_code_scanning %} results.
  - This query suite is available for use with default setup for {% data variables.product.prodname_code_scanning %}.
- The `security-extended` query suite consists of all the queries in the `default` query suite, plus additional queries with slightly lower precision and severity.
  - Relative to the `default` query suite, the `security-extended` suite may return a greater number of false positive {% data variables.product.prodname_code_scanning %} results.
  - This query suite is available for use with default setup for {% data variables.product.prodname_code_scanning %}, and is referred to as the "Extended" query suite on {% data variables.product.prodname_dotcom %}.

For each language, the following article lists which queries are included in the `default` and the `security-extended` suites. {% ifversion code-scanning-autofix %}Where {% data variables.product.prodname_copilot_autofix_short %} is available for a language, details of which queries are supported are also included.{% endif %}

{% data reusables.code-scanning.codeql-query-tables.links-to-all-tables %}