When you start running CodeQL scans on your Azure DevOps environment on self-hosted runners, you’ll learn that you have to do one extra step and that is install (and keep up to date!) the CodeQL bundle on your self-hosted runners.
If you don’t do this, you’ll get an error like this:
Following the url in the error will bring you to the docs where you might notice the following three bullets:
_work/_tool: ./CodeQL/0.0.0-[codeql-release-bundle-tag (i.e. codeql-bundle-v2.14.2)]/x64/
./CodeQL/0.0.0-[codeql-release-bundle-tag (i.e. codeql-bundle-20221105)]/x64.complete
Getting this configuration right took me longer then I like to admit, so here it is for future reference to get this correct next time:
Get the bundle itself for the OS and bitness of the OS the runner is using. In my case I was executing the runner on my Windows 11 laptop, s I needed
Note: If you need to automate this, then use the link https://github.com/github/codeql-action/releases/latest to quickly get to the latest version of the bundle.
Go to you runner and get the subfolder
codeql into the correct location. This took a couple of tries because the docs are confusing.
The correct location looks like this:
Where I have the following remarks:
runner: location where I have installed the runner service itself. This folder name is for you to choose.
0.0.0-codeql-bundle-v2.15.5: this is the version of the bundle you are using. Since I downloaded
v2.15.5 and this bundle is used for all previous versions, this is used in the folder name as well. During testing I found that
0.0.0-v2.15.5 also works.
.complete file at the correct folder
As the docs state, there needs to be a file with the
bitness.complete name in the right location. I made the mistake of placing that into the
x64 folder, but it needs to be in the version folder. So in my case it needs to be in
With that, my folder structure looks like this: