Configure and use Code Scanning with CodeQL Questions
Practice questions for the "Configure and use Code Scanning with CodeQL" topic in GitHub Advanced Security. 49 questions covering this domain.
Which built-in CodeQL query suite is designed to be more precise and return fewer false positives?
What happens if a repository switches from advanced setup to default setup for CodeQL?
An organization assigns a self-hosted runner to a repository that already uses code scanning default setup. What must be done before default setup sta...
If a third-party analysis tool wants to upload results to GitHub code scanning, which output format must it provide?
Which prerequisite combination makes a repository eligible for code scanning default setup?
A repository enables default setup, but analyses fail for every CodeQL-supported language in the repository. What happens next?
When can a code scanning alert appear directly in a pull request?
What extra insight do CodeQL data-flow alerts provide?
If a CodeQL alert has both a general `severity` and a `security severity`, which value does GitHub display and use in preference?
Which code type is included in the list of CodeQL-supported languages?
A maintainer wants a single place to inspect code scanning coverage, see tool-specific error messages, and download CSV reports of analyzed files or r...
A workflow uploads two SARIF result files from the same tool using the same category in one run. What should the author expect?
Which language is currently supported by CodeQL on GitHub?
What version family of SARIF does GitHub code scanning support for uploads?
A team enabled CodeQL default setup and later assigned self-hosted runners with the code-scanning label, but default setup still does not use them. Wh...
Under CodeQL default setup, which branch push events are scanned by default?
What recurring schedule does CodeQL default setup add automatically?
A third-party scanner uploads SARIF directly through the API and duplicate alerts appear between runs. Which data is most important for stable dedupli...
A repository wants more built-in CodeQL coverage than the default suite provides. Which suite adds lower-precision and lower-severity queries?
A team wants to define its own CodeQL suite file instead of using only built-in suites. What setup type is required?