About CodeQL query suites
With CodeQL code scanning, you can select a specific group of CodeQL queries, called a CodeQL query suite, to run against your code. The following built-in query suites are available through GitHub:
- the default query suite.
- the security-extended query suite.
Currently, both the default query suite and the security-extended query suite are available for the default setup for code scanning. For more information on the default setup, see "Configuring code scanning for a repository."
To use a custom query suite, you must create an advanced setup for CodeQL code scanning. For more information on advanced setups and creating a query suite, see "Configuring code scanning for a repository" and "Creating CodeQL query suites."
Built-in CodeQL query suites
The built-in CodeQL query suites, default and security-extended, are created and maintained by GitHub. Both of these query suites are available for every CodeQL-supported language. For more information on CodeQL-supported languages, see "About code scanning with CodeQL."
default query suite
- The default query suite is the group of queries run by default in CodeQL code scanning on GitHub.
- The queries in the default query suite are highly precise and return few false positive code scanning results. Relative to the security-extended query suite, the default suite returns fewer low-confidence code scanning results.
- This query suite is available for use with the default setup for code scanning.
security-extended query suite
- The security-extended query suite consists of all the queries in the default query suite, plus additional queries with slightly lower precision and severity.
- Relative to the default query suite, the security-extended suite may return a greater number of false positive code scanning results.
- This query suite is available for use with the default setup for code scanning.

