If your code scanning results are different than you expected, you may have both default and advanced setup configured for your repository. When you enable default setup, this disables the existing CodeQL workflow file and blocks any CodeQL API analysis from uploading results.
To check if default setup is enabled, navigate to the main page of the repository, then click Settings. In the "Security" section of the sidebar, click Advanced Security. In the "Code scanning" section of the page, next to "CodeQL analysis", click . If there is a Switch to advanced option, you are currently using default setup.
If you want to return to using advanced setup and get code scanning results from your custom workflow file, click Disable CodeQL to disable default setup. Then you should re-enable your pre-existing workflows to start triggering and uploading results from advanced setup. For more information, see 禁用和启用工作流 and 配置代码扫描的高级设置.
在某些情况下,存储库可能会使用多个code scanning配置。 这些配置可能会生成重复的警报。 此外,不再运行的过时配置将显示过时的警报状态,过时的警报将无限期保持打开状态。 为了避免警报过时,应从分支中删除移除过时的code scanning配置。 有关多个配置和删除过时配置的详细信息,请参阅“关于代码扫描警报”和“解决代码扫描警报”。