Repository files navigation

Configure your CodeQL workflows with a language matrix to simplify your code scanning workflows

In this course we will explore how you can configure CodeQL using configuration files. During this course, we will show you how to add a query pack to a CodeQL configuration file, as well as configure your workflow to reference that configuration file.

• Who is this for: Developers, security engineers, open source maintainers.
• What you'll learn: We'll show you how to configure your workflow to use a language matrix. We will also cover the autobuild action for compiled languages. This will allow you to have a single code scanning workflow that covers all the languages in your repository.
• What you'll build: A secure software development pipeline that has been tuned to your project's specific needs.
• Prerequisites: Knowledge of how the context and expressions work in workflows. You can learn more about this in theGitHub Actions documentation.
• How long: This course is 2 steps long and takes less than 30 minutes to complete.

1. Right-clickStart course and open the link in a new tab.
2. In the new tab, most of the prompts will automatically fill in for you.
   • For owner, choose your personal account or an organization to host the repository.
   • We recommend creating a public repository, as private repositories willuse Actions minutes.
   • Scroll down and click theCreate repository button at the bottom of the form.
3. After your new repository is created, wait about 20 seconds, then refresh the page. Follow the step-by-step instructions in the new repository's README.

Get help:Post in our discussion board •Review the GitHub status page

© 2024 GitHub •Code of Conduct •MIT License