Note
This article describes the features available with the version of the CodeQL action and associated CodeQL CLI bundle included in the initial release of this version of GitHub Enterprise Server. If your enterprise uses a more recent version of the CodeQL action, see the GitHub Enterprise Cloud version of this article for information on the latest features. For information on using the latest version, see Configuring code scanning for your appliance.
There are several approaches you can try to reduce the build time in a code scanning analysis.
Increase the memory or cores
You can increase the memory or disk space available on your runners. If you're using CodeQL for your code scanning analysis, you can review the recommended hardware resources for CodeQL to make sure your runners meet those requirements. For more information, see Recommended hardware resources for running CodeQL.
Use matrix builds to parallelize the analysis
To speed up analysis of workflows that involve multiple jobs, you can modify your workflow to use a matrix. For more information, see Running variations of jobs in a workflow.
The default CodeQL analysis workflow uses a matrix of languages, which causes the analysis of each language to run in parallel. However, if you're using CodeQL with advanced setup and you have specified the languages you want to analyze directly in the "Initialize CodeQL" step, analysis of each language will happen sequentially. In this configuration, you can speed up your analysis by modifying your advanced setup workflow to use a matrix. For an example, see the workflow extract in Some languages were not analyzed with CodeQL advanced setup.
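The following workflow is an added example, not a file from the GitHub documentation or from the codeql-action project. It shows the matrix form of an advanced setup workflow: each language listed in the matrix gets its own job, so the languages are analyzed in parallel instead of one after another in a single "Initialize CodeQL" step. The language set, build modes, branch names and action versions (codeql-action v3, checkout v4) are assumptions you would adjust for your repository.

```yaml
# Added example (not from the GitHub documentation): an advanced-setup
# workflow that analyzes each language in its own parallel job via a matrix.
# Listing both languages in a single "languages:" input of the init step
# would instead analyze them sequentially in one job.
name: "CodeQL (matrix)"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

permissions:
  contents: read
  security-events: write   # required to upload results to code scanning
  actions: read            # needed on private repositories

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false     # one language failing must not cancel the others
      matrix:
        include:
          # Assumed language set for this repository; adjust to your own.
          - language: java-kotlin
            build-mode: autobuild
          - language: javascript-typescript
            build-mode: none
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          # A distinct category per language keeps the per-job result
          # uploads from overwriting each other.
          category: "/language:${{ matrix.language }}"
```

Setting fail-fast to false matters in practice: with the default of true, a build failure in one language cancels the other jobs, so you lose the results of analyses that would otherwise have completed.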
Reduce the amount of code being analyzed in a single workflow
Analysis time is typically proportional to the amount of code being analyzed. If you're using CodeQL with advanced setup, you can reduce the analysis time by reducing the amount of code being analyzed at once, for example by excluding test code or by breaking analysis into multiple workflows that each analyze only a subset of your code at a time.
When you use a compiled language like Java, Kotlin, Go, C, C++, or C# with build-mode: autobuild or build-mode: manual, CodeQL analyzes all of the code that was built during the workflow run. To limit the amount of code being analyzed, build only the code you want to analyze by specifying your own build steps in a run block. You can combine specifying your own build steps with using the paths or paths-ignore filters for the pull_request or push events to ensure that your workflow only runs when specific code is changed. For more information, see Workflow syntax for GitHub Actions.
For languages like JavaScript, Python, and TypeScript, where CodeQL analyzes the source code without compiling it, or for compiled languages analyzed with build-mode: none, you can specify additional configuration options to limit the amount of code to analyze. For more information, see Customizing your advanced setup for code scanning.
If you split your CodeQL analysis into multiple workflows, we still recommend that you have at least one workflow which runs on a schedule and analyzes all of the code in your repository. Because CodeQL analyzes data flows between components, some complex security behaviors may only be detected on a complete build.
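The workflow below is an added example, not a file from the GitHub documentation, and it ties together the three points above: a pull_request trigger narrowed with a paths filter, a manual build step in a run block that compiles only one module so that only that module's code enters the CodeQL database, a paths / paths-ignore configuration for a language analyzed with build-mode: none, and a separate scheduled job that still analyzes the whole repository. The repository layout (services/payments, web/src), the Maven module name, the cron time and the action versions are all assumptions.

```yaml
# Added example (not from the GitHub documentation): one advanced-setup
# workflow that scopes pull request analysis to the code being built and
# keeps a scheduled job that analyzes everything. Repository layout, module
# names and the cron time are assumptions for illustration.
name: "CodeQL (scoped on pull requests, full on schedule)"

on:
  pull_request:
    branches: [ "main" ]
    # The paths filter applies only to pull_request; the scheduled run is
    # unaffected, so the full analysis still covers the whole repository.
    paths:
      - 'services/payments/**'
      - 'web/**'
      - 'pom.xml'
  schedule:
    - cron: '30 1 * * 0'   # weekly full analysis, Sunday 01:30 UTC

permissions:
  contents: read
  security-events: write
  actions: read

jobs:
  pr-java:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: java-kotlin
          build-mode: manual
      - name: Build only the module under review
        # With build-mode: manual, CodeQL analyzes just the sources this
        # command compiles; code outside the module never enters the database.
        # The Maven module path is assumed.
        run: mvn -B -pl services/payments -am -DskipTests compile
      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:java-kotlin"

  pr-javascript:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript-typescript
          build-mode: none
          # For languages analyzed without a build, the paths and
          # paths-ignore entries of the CodeQL configuration decide which
          # files are extracted; here test code is excluded.
          config: |
            paths:
              - web/src
            paths-ignore:
              - '**/*.test.ts'
              - '**/__tests__/**'
      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:javascript-typescript"

  full-analysis:
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          - language: java-kotlin
            build-mode: autobuild
          - language: javascript-typescript
            build-mode: none
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

The scheduled full-analysis job is the one that can still see data flows that cross module boundaries; the scoped pull request jobs trade that coverage for speed, which is why the two are kept together rather than dropping the full run.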
Run only during a schedule event
You may find that your analysis is slow during push or pull_request events. If so, you can set your analysis to only trigger on the schedule event. If you're using CodeQL for your code scanning analysis, you can configure this with an advanced setup workflow, but not in default setup. For more information, see Understanding GitHub Actions.
Check which queries or rules the workflow runs
Another option to reduce analysis time is to run only the queries or rules that you consider critical in workflows that run on pull requests. If you use a third-party tool for code scanning, you should refer to the documentation for the tool.
In CodeQL, there are two main query suites available for each language. If you have optimized the CodeQL database build and the process is still too long, you could reduce the number of queries you run. The default query suite is run automatically: it provides the best possible compromise between quality and speed.
If you're using CodeQL with advanced setup, you may be running extra queries or query suites in addition to the default queries. Check whether the workflow defines an additional query suite or additional queries to run using the queries element. You can experiment with disabling the additional query suite or queries. For more information, see Customizing your advanced setup for code scanning.
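As an added illustration of the queries element (this is not a file from the GitHub documentation), here is a CodeQL configuration file of the kind an advanced setup workflow references from the "Initialize CodeQL" step. Its path, .github/codeql/codeql-config.yml, the reference via the config-file input, and the query choices are assumptions; the comments mark which entries add work beyond the default suite and what to remove to get back to it.

```yaml
# Added example (not the GitHub documentation's own file): a CodeQL
# configuration file, assumed to live at .github/codeql/codeql-config.yml
# and referenced from the "Initialize CodeQL" step with
#   with:
#     config-file: ./.github/codeql/codeql-config.yml
name: "Assumed config: extra queries that lengthen the analysis"

# Everything under "queries" runs in addition to the default query suite,
# which is the fastest option that still covers the core security queries.
# To measure how much the extra suite costs, comment out the entry below
# (or drop the whole "queries" key) and compare the workflow run time.
queries:
  - uses: security-extended     # broader suite; noticeably slower than the default

# Only set this when you want to replace the default suite entirely, for
# example with a hand-picked list of queries you consider critical for pull
# requests. Left commented out here so the default queries still run.
# disable-default-queries: true
```

The same additions can also appear directly in the workflow as the queries input of the init step (for example, queries: +security-extended, where the leading + keeps the default suite), so check both places when you are looking for what lengthens the analysis.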