When rolling out code scanning default setup at scale (e.g., via code security configurations), GitHub checks if an advanced CodeQL setup already exists for each repository. If an advanced setup exists, GitHub retains it and does not enable the default setup.
Starting today, it will be easier to understand whether a repository will be converted during an at-scale rollout.
Previously, GitHub would consider a repository to be using an advanced setup if the repository had ever had a CodeQL analysis. After this change, a repository is considered to be using an advanced CodeQL setup only if:
in the last 90 days, there has been a CodeQL analysis for the default branch, and
the workflow file associated with the latest CodeQL analysis in the default branch has not been deleted or disabled.
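To preview which repositories an at-scale rollout would leave on advanced setup, the two conditions above can be applied to records shaped like the code scanning analyses and Actions workflow REST API responses. This is an added example, not GitHub's code: the function names, the sample repositories and the treatment of API uploads (any analysis key outside `.github/workflows/` counts while it is recent) are assumptions.

```python
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(days=90)
# Workflow "state" values the Actions REST API reports for a workflow that no longer runs.
INACTIVE_STATES = {"deleted", "disabled_manually", "disabled_inactivity", "disabled_fork"}

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def counts_as_advanced_setup(analyses, workflow_states, default_ref, now):
    """Apply the two published conditions to one repository's analysis records."""
    codeql = [a for a in analyses
              if a["tool"]["name"] == "CodeQL" and a["ref"] == default_ref]
    if not codeql:
        return False
    latest = max(codeql, key=lambda a: parse_ts(a["created_at"]))
    if now - parse_ts(latest["created_at"]) > WINDOW:
        return False  # no default-branch CodeQL analysis in the last 90 days
    path = latest["analysis_key"].split(":", 1)[0]
    if not path.startswith(".github/workflows/"):
        return True  # assumption: API upload, counts until its configuration is deleted
    # A workflow missing from the lookup is treated as deleted.
    return workflow_states.get(path, "deleted") not in INACTIVE_STATES

# Constructed sample data; "now" is fixed so the result is reproducible.
NOW = datetime(2024, 7, 1, tzinfo=timezone.utc)
WF = ".github/workflows/codeql.yml"

def sample(created_at, key):
    return {"tool": {"name": "CodeQL"}, "ref": "refs/heads/main",
            "created_at": created_at, "analysis_key": key}

REPOS = {
    "active-advanced": ([sample("2024-06-20T08:00:00Z", WF + ":analyze")], {WF: "active"}),
    "stale-analysis": ([sample("2023-11-02T08:00:00Z", WF + ":analyze")], {WF: "active"}),
    "workflow-disabled": ([sample("2024-06-20T08:00:00Z", WF + ":analyze")], {WF: "disabled_manually"}),
    "workflow-deleted": ([sample("2024-06-20T08:00:00Z", WF + ":analyze")], {}),
    "api-upload": ([sample("2024-06-25T08:00:00Z", "ci/codeql-upload")], {}),
}

def rollout_preview(repos=REPOS, now=NOW):
    return {name: "keeps advanced setup"
            if counts_as_advanced_setup(runs, states, "refs/heads/main", now)
            else "considered for default setup"
            for name, (runs, states) in repos.items()}

if __name__ == "__main__":
    for name, verdict in rollout_preview().items():
        print(f"{name}: {verdict}")
```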
How does this affect me?
The improvements to the detection of existing CodeQL setups affect you only if you are rolling out code scanning at scale (e.g., using code security configurations) and had previously used CodeQL via an advanced setup on some of your repositories.
If you are doing a rollout at scale and want a repository to be considered for conversion to default setup, you can now delete or disable the associated yml workflow file, or delete the associated configurations for API-based advanced setups.
These changes will simplify enabling default setup at scale by increasing the number of repositories that are converted from advanced to default setup during an at-scale rollout.
How do I convert my repo from advanced setup to default setup?
You can always enable default setup at the repository level. If there is a yml workflow file in the repository, GitHub will disable it for you. If you are doing API uploads, however, you need to adjust your CI/CD systems to stop submitting analyses. Note that while default setup is enabled, all CodeQL uploads via the API will be rejected.
How do I convert my repos from advanced setup to default setup at scale?
Code security configurations will be made generally available (GA) on July 10th, 2024. At that point, we will sunset the organization-level code security settings UI experience along with the API parameters that complemented it.
If you are currently using the Update an organization REST API endpoint to set default security settings for new repositories, or the Get an organization REST API endpoint to retrieve current defaults for security settings on new repositories, those parameters will now be ignored. The parameters will be removed entirely in the next version of the REST API.
Your previous default settings in your organization have been saved to a code security configuration called “Legacy” and will continue to apply. To change the default security settings for new repositories, use the code security configurations UI, the configurations API, or the unaffected enterprise-level security settings.
GitHub Copilot Enterprise subscribers in Visual Studio can now use Copilot Chat to get answers enriched with context from Copilot knowledge bases. To try out this functionality, you’ll need to be running Visual Studio 17.11 Preview 3 or later.
You can access a knowledge base from any Copilot Chat conversation by typing @github, pressing the # key, selecting a knowledge base from the autocomplete, and then entering your question. Copilot will respond, using the Markdown documentation in your knowledge base as context for its answer.