Skip to content

Clarification on CodeQL CLI Licensing for On-Premise Azure DevOps Usage #21487

New issue
New issue
Open
Open
Clarification on CodeQL CLI Licensing for On-Premise Azure DevOps Usage#21487
Labels
questionFurther information is requested
@iSQL

Description

@iSQL
iSQL
opened on Mar 17, 2026

Hello,

I've reviewed the CodeQL CLI LICENSE.md (https://github.com/github/codeql-cli-binaries/blob/main/LICENSE.md), which states that local analysis of non-open-source codebases requires a paid GitHub Advanced Security (GHAS) license.

My questions:

  1. Can the CodeQL CLI be used legally for local analysis (database creation/analysis) on private enterprise code hosted in on-premise Azure DevOps Server (not Azure DevOps Services/GitHub)? Or I must host my code in the cloud?

  2. Does a standard GHAS license (via GitHub Enterprise Cloud/Server) cover this scenario, or is additional licensing required for Azure DevOps on-prem integration?

Metadata

Metadata

Assignees

No one assigned

    Labels

    questionFurther information is requested

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions