- Avoid unnecessary scans of pull requests
- If you would like to speed up scan time, several options are available to you:
  - Increase the memory or cores. The CodeQL Action runs its security queries in parallel, taking advantage of all CPU cores; more memory can also speed up scans. Larger GitHub-hosted runners or self-hosted GitHub Actions runners can be used to bring in larger machines.
  - Use matrix builds to parallelize the analysis.
  - Reduce the amount of code being analyzed in a single workflow.
  - Run only during a schedule event.
  - Run the CodeQL query suite that suits your needs (`default`, `security-extended`, `security-and-quality`).
  - Utilize a custom CodeQL config to bring in custom queries or to exclude queries you don't want from the prebuilt query packs.
  - Utilize a custom CodeQL config to specify the directories to scan.
  - Parallelize CodeQL analysis within a monorepo if its directories contain self-contained apps.
  - Python: cache dependencies (see the Analyzing Python Dependencies docs).
  - The monorepo-filtering-workaround action can mark each project with a unique scanning tool name, so you can filter the results in the GitHub Security tab by that tool to show only the results for a specific project.
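As an added example (not from the original page or the CodeQL project), one workflow that combines several of these options: a scheduled run instead of scanning every push, a `paths` filter so only relevant pull requests trigger a scan, a matrix with one job per self-contained monorepo app, an inline config that limits each job to its own directory, and a chosen query suite. The project directories, languages and cron time are assumptions.

```yaml
# Added example, not the page's own workflow. Directory names, languages
# and the cron schedule below are assumptions for illustration.
name: CodeQL (scheduled, per-project)

on:
  # Only scan pull requests that touch analyzed code, not every PR.
  pull_request:
    branches: [main]
    paths:
      - "services/**"
  # Otherwise run on a schedule rather than on every push.
  schedule:
    - cron: "0 3 * * 1"   # weekly, Monday 03:00 UTC

jobs:
  analyze:
    runs-on: ubuntu-latest   # use a larger runner label for more cores/memory
    permissions:
      security-events: write
      contents: read
    strategy:
      fail-fast: false
      # One job per self-contained app; the jobs run in parallel.
      matrix:
        include:
          - project: services/api
            language: python
          - project: services/web
            language: javascript
    steps:
      - uses: actions/checkout@v4

      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # Pick the suite that fits; security-and-quality is the largest.
          queries: security-extended
          # Inline config: analyze only this project's directory and skip
          # its tests, which cuts the code analyzed per job.
          config: |
            paths:
              - ${{ matrix.project }}
            paths-ignore:
              - ${{ matrix.project }}/tests

      - uses: github/codeql-action/analyze@v3
        with:
          # A distinct category per project keeps each app's results
          # separate on the Security tab.
          category: "/project:${{ matrix.project }}/language:${{ matrix.language }}"
```

The `paths` and `paths-ignore` config keys narrow analysis for interpreted languages such as Python and JavaScript; for compiled languages the build itself determines what is extracted.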