About the CodeQL analysis workflow and compiled languages
Code scanning works by running queries against one or more CodeQL databases. Each database contains a representation of the code in a single language in your repository. For the compiled languages C/C++, C#, Go, Java, Kotlin, Rust (public preview), and Swift, the process of populating this database often involves building the code and extracting data.
When you enable code scanning, both default and advanced setup generate a CodeQL database for analysis using the simplest method available. For Java, the CodeQL database is generated directly from the codebase without requiring a build (none build mode). For other compiled languages, CodeQL builds the codebase using the autobuild build mode. Alternatively, you can use the manual build mode to specify explicit build commands to analyze only the files that are built by these custom commands.
CodeQL build modes
The CodeQL action supports three different build modes for compiled languages:
none- the CodeQL database is created directly from the codebase without building the codebase (supported for all interpreted languages, and additionally supported for Java).autobuild- CodeQL detects the most likely build method and uses this to attempt to build the codebase and create a database for analysis (supported for C/C++, C#, Go, Java, Kotlin, and Swift).manual- you define the build steps to use for the codebase in the workflow (supported for C/C++, C#, Go, Java, Kotlin, and Swift).
For language-specific autobuild behavior, runner requirements, and guidance for manual builds, see CodeQL build options and steps for compiled languages.