GitHub code scanning with CodeQL works seamlessly with GitHub Actions. For users of other CI/CD systems, we provided a way to run the code analysis using the CodeQL runner. The CodeQL runner acts as the glue between your CI/CD system and the CodeQL analysis engine (CLI).
In response to customer feedback, we have now transferred all CodeQL runner functionality natively into the CodeQL CLI. This means that there are fewer components to install, use, and update if you're running CodeQL code scanning on a 3rd party CI/CD system.
As of CodeQL CLI 2.6.2 (released today), there is now full feature parity between the CodeQL CLI and the runner. We are therefore announcing the deprecation of the CodeQL runner. This affects users of 3rd party CI/CD systems; users of CodeQL code scanning on GitHub Actions are not affected.
Deprecation timeline: GitHub Enterprise Server (GHES)
The CodeQL runner will continue to be part of the GitHub Enterprise Server releases up to and including the 3.3.x series. It will no longer be part of GitHub Enterprise Server starting the 3.4.0 (scheduled for 2022). The CodeQL CLI is a feature-complete replacement for the CodeQL runner, and is fully compatible with GitHub Enterprise Server.
Deprecation timeline: GitHub.com (including GitHub Enterprise Cloud)
The CodeQL bundle will continue to contain the CodeQL runner until March 2022. In the run-up to the final release we will start displaying clear deprecation warnings. After March 2022, code scanning API change on GitHub.com will likely not be compatible with older CodeQL runner releases. The CodeQL CLI is a feature-complete replacement for the CodeQL runner, and is fully compatible with GitHub.com.
How does this affect me?
If you’re using CodeQL code scanning on GitHub Actions, you are not affected by this change.
If you’ve configured code scanning to run the CodeQL runner inside another CI/CD system, we recommend migrating to the CodeQL CLI as soon as possible. Version 2.6.2 of the CodeQL CLI has full feature parity with the CodeQL runner and allows you to analyze codebases on 3rd party CI/CD systems in the same way as the CodeQL runner.
New users of CodeQL code scanning should use CodeQL CLI version >= 2.6.2.
What actions should I take?
You should configure your CI/CD system to use the CodeQL CLI before March 2022 and/or before upgrading to GHES 3.4.0. When setting up the CodeQL CLI, we recommend that you test the CodeQL CLI set up to verify that the CLI is correctly configured to create and analyze databases.
Learn more about how to migrate from the CodeQL runner to CodeQL CLI 2.6.2 here.