Troubleshooting CodeQL Errors

Question

CodeQL has reported errors or warnings when scanning my application. How do I resolve these errors?

Answer

There are a number of different error messages that may be reported by CodeQL. Common error messages will be listed here along with pointers to other technical notes that provide information on how to resolve those issues. Please see the page on How to view errors reported by CodeQL for details on viewing errors messages.

Error codes are sorted by the location where the errors are reported by CodeQL:

  • Tool health status, or
  • Result of running the CodeQL workflow

Error Codes

Please note that the following is not a complete list of error messages and will be expanded as more become known:

Error Code Location Error Message Notes
Tool Health Code Scanning results may be out of date [...]

This may be the result of an old scan or an old scanning configuration that may no longer be in use. Either a new scan must be performed or an old configuration must be deleted.

This error may affect the results of the scan.
Tool Health Could not process some files due to syntax errors [...] This error may affect the results of the scan.
Tool Health Could not process Kotlin files without a build [...]

The Kotlin files are not being built as part of the scan. The scanning process must be updated to build the files. This may require enabling autobuild or manual build modes. Please see the CodeQL documentation for more information.

This error may affect the results of the scan.
Tool Health [#] duplicate classes filtered out [...]

This error may affect the results of the scan.
Tool Health Low Java analysis quality [...]

CodeQL is scanning the Java code without building it, which may reduce the quality of the results. This may be resolved by building the code as part of the scan. Please see the CodeQL documentation for more information.

This error may affect the results of the scan.
Workflow Unexpected input(s) 'paths' [...] Please see the CodeQL documentation for more information about specifying directories to scan. Note that the paths directive belongs in either a configuration file or the config section of the workflow file.

Additional Notes

Some error messages may be the result of issues in the CodeQL tool. Confirmed issues are posted in this technical note.

If you are having trouble resolving a warning or error message, contact OIT.

References

  • See referenced technical notes