- Avoid unnecessary scans of pull requests
- If you would like to speed up scan time, several options are available to you:
  - Increase the memory or cores. The CodeQL Action runs its security queries in parallel, taking advantage of all CPU cores; more memory can also speed up scans. Self-hosted GitHub Actions runners can be used to bring in larger machines until GitHub-hosted runners support more powerful machine types.
  - Use matrix builds to parallelize the analysis.
  - Reduce the amount of code being analyzed in a single workflow.
  - Run only during a schedule event.
  - Run the CodeQL query suite that suits your needs (default, security-extended, security-and-quality).
  - Utilize a custom CodeQL config to bring in custom queries or exclude queries you don't want from our prebuilt query packs.
  - Utilize a custom CodeQL config to specify directories to scan.
  - Parallelize CodeQL analysis within a monorepo if directories contain self-contained apps.
  - PYTHON: cache dependencies (see the Analyzing Python Dependencies docs).
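The options above combined into one workflow plus a per-app config file, as an added example rather than configuration from this page: a schedule trigger instead of per-pull-request scans, a matrix that gives each self-contained app its own parallel job, and a config that restricts paths, picks the `security-extended` suite and filters out low-value results. The directory names, cron schedule and config file paths are constructed assumptions.

```yaml
# .github/workflows/codeql.yml  (constructed example; adjust languages and paths)
name: CodeQL
on:
  schedule:
    - cron: '0 3 * * 1'   # weekly, Monday 03:00 UTC, instead of on every pull request
  push:
    branches: [main]
permissions:
  contents: read
  security-events: write   # needed to upload SARIF results to code scanning
jobs:
  analyze:
    runs-on: ubuntu-latest   # swap for a self-hosted label to get more cores/memory
    strategy:
      fail-fast: false
      matrix:
        # one job per app directory/language; the jobs run in parallel
        include:
          - language: javascript
            config: .github/codeql/frontend.yml
          - language: python
            config: .github/codeql/backend.yml
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          config-file: ${{ matrix.config }}
      - uses: github/codeql-action/analyze@v3
        with:
          # distinct category per matrix job so results do not overwrite each other
          category: "/language:${{ matrix.language }}"
---
# .github/codeql/backend.yml  (per-app config; paths are constructed)
name: "Backend"
queries:
  - uses: security-extended   # suite choice; default is smaller, security-and-quality larger
paths:
  - services/backend          # only this app is extracted and analyzed
paths-ignore:
  - services/backend/tests    # skip test code to cut analysis time
query-filters:
  - exclude:
      problem.severity: recommendation   # drop recommendation-level findings
```

Each matrix job only sees the paths in its own config, so a change in one app does not re-analyze the others.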