Logseq Matryca Parser (v1.6.0+) uses GitHub CodeQL default setup for static analysis (SAST) on Python.
GitHub does not allow default setup and a custom advanced CodeQL workflow at the same time. Uploading SARIF from .github/workflows/codeql.yml fails with:
CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled
Default setup is the recommended path for this repository: GitHub maintains the analysis configuration, runs on current runner images (Node 24+), and scans Python without duplicating CI.
- Security → Code scanning on the repository
- CodeQL status page for coverage and run history
Only if you need a custom codeql.yml (extra queries, manual build steps, etc.):
- Settings → Advanced Security → Code scanning
- Next to CodeQL analysis, open the menu and choose Disable CodeQL (disables default setup)
- Add or restore
.github/workflows/codeql.ymlusing github/codeql-action v4 or newer
Do not re-enable default setup while an advanced workflow is active.
SECURITY.md— vulnerability reportingCONTRIBUTING.md— local quality gates (make all)GOOD_FIRST_ISSUES.md— starter tasks for new contributors- Troubleshooting: default setup enabled