actions/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action synced 2026-05-25 15:00:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3499 from github/sam-robson/document-version-pinning-risk

Browse Source 
docs: guidance on keeping the CodeQL Action up to date
This commit is contained in:
Sam Robson
2026-02-23 10:34:02 +00:00
committed by GitHub
parent 710e294578 c9223eb0a0
commit 4ea06e96f5
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+7
View File
@@ -80,6 +80,13 @@ We typically release new minor versions of the CodeQL Action and Bundle when a n
See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).
## Keeping the CodeQL Action up to date
We recommend referencing the CodeQL Action using a major version tag (e.g. `v3`) in your workflow file. This ensures your workflow automatically picks up the latest release within that major version, including bug fixes, new features, and updated CodeQL CLI versions.
If you pin to a specific commit SHA or patch version tag, ensure you keep it updated (e.g. via [Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot)). Some CodeQL Action features are controlled by server-side flags that may be removed over time, which can cause pinned versions to lose functionality.
## Troubleshooting
Read about [troubleshooting code scanning](https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning).