Recent scan not available

Question

What does the CodeQL scan issue “Recent scan not available” mean and how can I detect it?

Answer

All languages an application uses that are scannable by CodeQL must have a CodeQL scan performed within 30 days of requesting a scan validation.

This scan issue indicates that for one or more languages in the application, the most recent CodeQL scan is older than 30 days.

How to detect

The following steps may be taken to determine when the last scan was performed for each language in a repository:

  • Navigate to your application’s GitHub repository and select the “Security” tab:

    Image of tab that says Security

  • On the left-hand side of the “Security overview” page will be a section showing the number of open vulnerability alerts. Select the “Code scanning” menu item to view the alerts:

    Image of vulnerability alert menu with code scanning highlighted

  • Near the top of the page is the Tool Status bar. Select the “Tools” button:

    Image of tool status bar with `Tools` button highlighted.

  • You should now see a CodeQL page that shows “Scanned files” and “Setup types”. Click on the “Setup type”. If there is more than one, select the one relevant to the scan to be reviewed:

    Image of setup types section of page.

  • Along the left-hand side of the page there should be a “Configurations” section that lists the different scans performed and their last scan date. If the last scan date for any configuration is more than 30 days ago, this is an issue and must be resolved.

    Image of configurations section of page with an old scan date.
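
The same check can be scripted. This is an added example, not part of the original page: it assumes the analysis list has been fetched from GitHub's REST endpoint `GET /repos/{owner}/{repo}/code-scanning/analyses` and that each configuration is identified by the `category` field; the sample records and the `expected` configuration names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=30)  # threshold stated on this page

# Constructed sample, shaped like the analyses list response (only fields used here).
SAMPLE_ANALYSES = [
    {"tool": {"name": "CodeQL"}, "category": "/language:python",
     "created_at": "2024-05-28T09:12:44Z"},
    {"tool": {"name": "CodeQL"}, "category": "/language:python",
     "created_at": "2024-03-02T09:10:01Z"},
    {"tool": {"name": "CodeQL"}, "category": "/language:javascript",
     "created_at": "2024-04-15T17:40:30Z"},
    {"tool": {"name": "OtherScanner"}, "category": "lint",
     "created_at": "2024-01-01T00:00:00Z"},
]


def latest_scan_per_configuration(analyses, tool="CodeQL"):
    """Map each configuration to the timestamp of its newest analysis."""
    latest = {}
    for analysis in analyses:
        if analysis.get("tool", {}).get("name") != tool:
            continue  # ignore results uploaded by other scanners
        key = analysis.get("category") or "(uncategorized)"
        ts = datetime.fromisoformat(analysis["created_at"].replace("Z", "+00:00"))
        if key not in latest or ts > latest[key]:
            latest[key] = ts
    return latest


def stale_configurations(analyses, now, expected=(), max_age=MAX_AGE):
    """Return {configuration: age in days} for scans older than max_age.

    Configurations named in `expected` that have no scan at all are
    reported with an age of None.
    """
    latest = latest_scan_per_configuration(analyses)
    stale = {k: (now - ts).days for k, ts in latest.items() if now - ts > max_age}
    for name in expected:
        if name not in latest:
            stale[name] = None  # never scanned
    return stale


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for the sample
    expected = ["/language:python", "/language:javascript", "/language:go"]
    for name, age in stale_configurations(SAMPLE_ANALYSES, now, expected).items():
        print(name, "never scanned" if age is None else f"last scan {age} days ago")
```

For a live check, pass `datetime.now(timezone.utc)` as `now` and the parsed JSON list from the endpoint as `analyses`.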