{% data reusables.code-scanning.codeql-action-version-ghes %}

There are several approaches you can try to reduce the build time in a {% data variables.product.prodname_code_scanning %} analysis.

{% ifversion fpt or ghec %}

If you're using {% data variables.product.company_short %}-hosted runners for your {% data variables.product.prodname_code_scanning %} analysis, consider upgrading to {% data variables.actions.hosted_runners %}. These are {% data variables.product.company_short %}-hosted runners with more RAM, CPU, and disk space than standard runners. For more information about {% data variables.actions.hosted_runners %} and {% data variables.product.prodname_code_scanning %}, see "AUTOTITLE" and "AUTOTITLE."

If you're using self-hosted runners to run {% data variables.product.prodname_code_scanning %} analysis, you can increase the memory or the number of cores on those runners. If you're using {% data variables.product.prodname_codeql %} with advanced setup for your analysis, review the recommended hardware resources for {% data variables.product.prodname_codeql %} to make sure your self-hosted runners meet those requirements. For more information, see "AUTOTITLE."

{% elsif ghes %}

You can increase the memory or disk space available on your runners. If you're using {% data variables.product.prodname_codeql %} for your {% data variables.product.prodname_code_scanning %} analysis, you can review the recommended hardware resources for {% data variables.product.prodname_codeql %} to make sure your runners meet those requirements. For more information, see "AUTOTITLE."

{% endif %}

To speed up analysis of workflows that involve multiple jobs, you can modify your workflow to use a matrix. For more information, see "AUTOTITLE."

The default {% data variables.code-scanning.codeql_workflow %} uses a matrix of languages, which causes the analysis of each language to run in parallel. However, if you're using {% data variables.product.prodname_codeql %} with advanced setup and you have specified the languages you want to analyze directly in the "Initialize CodeQL" step, analysis of each language will happen sequentially. In this configuration, you can speed up your analysis by modifying your advanced setup workflow to use a matrix. For an example, see the workflow extract in "AUTOTITLE."

Analysis time is typically proportional to the amount of code being analyzed. If you're using {% data variables.product.prodname_codeql %} with advanced setup, you can reduce the analysis time by reducing the amount of code being analyzed at once. For example, by excluding test code, or breaking analysis into multiple workflows that analyze only a subset of your code at a time.

{% data reusables.code-scanning.alerts-found-in-generated-code %}

If you split your {% data variables.product.prodname_codeql %} analysis into multiple workflows, we still recommend that you have at least one workflow which runs on a schedule which analyzes all of the code in your repository. Because {% data variables.product.prodname_codeql %} analyzes data flows between components, some complex security behaviors may only be detected on a complete build.

You may find that your analysis is slow during push or pull_request events. If so, you can set your analysis to only trigger on the schedule event. If you're using {% data variables.product.prodname_codeql %} for your {% data variables.product.prodname_code_scanning %} analysis, you can configure this with an advanced setup workflow, but not in default setup. For more information, see "AUTOTITLE."

Another option to reduce analysis time is to run only the queries or rules that you consider critical in workflows that run on pull requests. If you use a third-party tool for {% data variables.product.prodname_code_scanning %}, you should refer to the documentation for the tool.

In {% data variables.product.prodname_codeql %}, there are two main query suites available for each language. If you have optimized the {% data variables.product.prodname_codeql %} database build and the process is still too long, you could reduce the number of queries you run. The default query suite is run automatically: it provides the best possible compromise between quality and speed.

If you're using {% data variables.product.prodname_codeql %} with advanced setup, you may be running extra queries or query suites in addition to the default queries. Check whether the workflow defines an additional query suite or additional queries to run using the queries element. You can experiment with disabling the additional query suite or queries. For more information, see "AUTOTITLE."