Skip to main content
GitHub Docs
Search
Select language: current language is English
Open Search BarClose Search Bar
Open Menu
Open Sidebar
  • Code security/
  • GitHub security features
  • Audit security alerts
  • Trial secret scanning
  • Apply recommended configuration
  • Give access to private registries
    • Manage GHAS licenses
    • Active advanced setup
    • Secret scanning for partners
    • About alerts
    • Monitor alerts
    • Push protection in the GitHub UI
    • Troubleshoot secret scanning
    • Configure code scanning
    • Customize advanced setup
    • Code scanning in a container
    • Assess alerts
    • Code scanning tool status
    • Configure larger runners
    • Go CodeQL queries
    • Ruby CodeQL queries
    • Upload a SARIF file
    • Analysis takes too long
    • Enabling default setup takes too long
    • No source code seen during build
    • Results different than expected
    • Unclear what triggered a workflow
    • Default setup is enabled
    • Results exceed limits
      • Analyzing code
      • About CodeQL workspaces
      • Testing query help files
      • Query reference files
      • Exit codes
      • bqrs hash
      • database analyze
      • database export-diagnostics
      • database init
      • database trace-command
      • dataset cleanup
      • diagnostic add
      • execute queries
      • generate extensible-predicate-metadata
      • github upload-results
      • pack create
      • pack ls
      • pack upgrade
      • query run
      • resolve extractor
      • resolve metadata
      • resolve qlref
      • resolve upgrades
      • version
      • Run CodeQL queries
      • Custom query creation
      • Customize settings
      • Access logs
      • Browse Advisory Database
      • Configure for a repository
      • Evaluate repository security
      • Remove collaborators
      • Privately reporting
      • Dependency graph ecosystem support
      • Dependency submission API
      • Enforce dependency review
      • Securing accounts
      • Optimize Java packages
      • About auto-triage rules
      • Dependabot security updates
      • Configure version updates
      • Manage Dependabot PRs
      • Configure access to private registries
      • Remove access to public registries
      • Troubleshoot vulnerability detection
    • CodeQL query suites

    CodeQL query suites

    You can choose from different built-in CodeQL query suites to use in your CodeQL code scanning setup.

    Who can use this feature?

    CodeQL is available for the following repository types:

    • Public repositories on GitHub.com, see GitHub CodeQL Terms and Conditions
    • Organization-owned repositories on GitHub Enterprise Cloud with GitHub Advanced Security enabled

    In this article

    • About CodeQL query suites
    • Built-in CodeQL query suites
    • Query lists for the default query suites
    • Further reading

    About CodeQL query suites

    With CodeQL code scanning, you can select a specific group of CodeQL queries, called a CodeQL query suite, to run against your code. The following built-in query suites are available through GitHub:

    • default query suite.
    • security-extended query suite. This suite is referred to as the "Extended" query suite on GitHub.

    Currently, both the default query suite and the security-extended query suite are available for default setup for code scanning. Additionally, organization owners and security managers can recommend a query suite for use with default setup throughout their organization. For more information on configuring default setup for individual repositories, see Configuring default setup for code scanning at scale.

    To use a custom query suite, you must configure advanced setup for CodeQL code scanning. For more information on advanced setups and creating a query suite, see Creating CodeQL query suites.

    Built-in CodeQL query suites

    The built-in CodeQL query suites, default and security-extended, are created and maintained by GitHub. Both of these query suites are available for every CodeQL-supported language. For more information on CodeQL-supported languages, see About code scanning with CodeQL.

    default query suite

    • The default query suite is the group of queries run by default in CodeQL code scanning on GitHub.
    • The queries in the default query suite are highly precise and return few false positive code scanning results. Relative to the security-extended query suite, the default suite returns fewer low-confidence code scanning results.
    • This query suite is available for use with default setup for code scanning.

    security-extended query suite

    • The security-extended query suite consists of all the queries in the default query suite, plus additional queries with slightly lower precision and severity.
    • Relative to the default query suite, the security-extended suite may return a greater number of false positive code scanning results.
    • This query suite is available for use with default setup for code scanning, and is referred to as the "Extended" query suite on GitHub.

    Query lists for the default query suites

    For each language, the following article lists which queries are included in the default and the security-extended suites. Where Copilot Autofix is available for a language, details of which queries are supported are also included.

    • C and C++ queries for CodeQL analysis
    • C# queries for CodeQL analysis
    • Go queries for CodeQL analysis
    • Java and Kotlin queries for CodeQL analysis
    • JavaScript and TypeScript queries for CodeQL analysis
    • Python queries for CodeQL analysis
    • Ruby queries for CodeQL analysis
    • Swift queries for CodeQL analysis

    Further reading

    • Creating CodeQL query suites

    Help and support

    Did you find what you needed?

    Privacy
  • Status
  • Blog

    • Follow Lee on X/Twitter - Father, Husband, Serial builder creating AI, crypto, games & web tools. We are friends :) AI Will Come To Life!

    Check out: eBank.nz (Art Generator) | Netwrck.com (AI Tools) | Text-Generator.io (AI API) | BitBank.nz (Crypto AI) | ReadingTime (Kids Reading) | RewordGame | BigMultiplayerChess | WebFiddle | How.nz | Helix AI Assistant