[BUG]: AdvancedSecurity-Codeql-Init@1 is getting rate limited

[wiruzman]

New issue checklist

• I searched for existing GitHub issues
• I read pipeline troubleshooting guide
• I checked how to collect logs

Task name

AdvancedSecurity-Codeql-Init

Task version

1.1.334

Issue Description

Our pipeline run fails periodically when using AdvancedSecurity-Codeql-Init@1 task with enableAutomaticCodeQLInstall set to true. The task is calling api.github.com to get latest release. If calling api.github.com too many times(we have a lot of repositories and builds), we get rate limited. Offering such pipeline task should work out of the box because it is being maintained by Microsoft. To circumvent the issue, it would be appropriate to offer the option to provide a GitHub access token to help on rate limiting.
For self-hosted agents, we did pre-install CodeQL bundle which is working flawlessly, but sometimes we need to run builds on demand and need to download the latest which can fail due to rate limiting.

Environment type (Please select at least one enviroment where you face this issue)

• Self-Hosted
• Microsoft Hosted
• VMSS Pool
• Container

Azure DevOps Server type

dev.azure.com (formerly visualstudio.com)

Azure DevOps Server Version (if applicable)

No response

Operation system

Azure

Relevant log output

Starting CodeQL automatic detection and installation.
CodeQL Detection and Installation
Retrieving the latest release information for https://api.github.com/repos/github/codeql-action/releases/latest
##[warning] Request failed with status code 403
Install and Setup CodeQL tools
##[warning] The GitHub release API URL for CodeQL failed.

Full task logs with system.debug enabled

Details

2025-12-09T12:22:10.1197830Z ##[debug]Evaluating condition for step: 'AdvancedSecurityCodeqlInit'
2025-12-09T12:22:10.1204487Z ##[debug]Evaluating: SucceededNode()
2025-12-09T12:22:10.1204829Z ##[debug]Evaluating SucceededNode:
2025-12-09T12:22:10.1210226Z ##[debug]=> True
2025-12-09T12:22:10.1215009Z ##[debug]Result: True
2025-12-09T12:22:10.1252708Z ##[section]Starting: AdvancedSecurityCodeqlInit
2025-12-09T12:22:10.1354303Z ==============================================================================
2025-12-09T12:22:10.1354874Z Task         : Advanced Security Initialize CodeQL
2025-12-09T12:22:10.1355134Z Description  : Initializes the CodeQL database in preparation for building.
2025-12-09T12:22:10.1355302Z Version      : 1.1.334
2025-12-09T12:22:10.1355491Z Author       : Microsoft Corporation
2025-12-09T12:22:10.1355707Z Help         : https://aka.ms/advancedsecurity/code-scanning/detection
2025-12-09T12:22:10.1355836Z ==============================================================================
2025-12-09T12:22:10.2651108Z ##[debug]Using node path: /tazp/agent-azdevops-scaledjob-njftq-wspp8/externals/node20_1/bin/node
2025-12-09T12:22:10.4742714Z ##[debug]agent.TempDirectory=/tazp/agent-azdevops-scaledjob-njftq-wspp8/_work/_temp
2025-12-09T12:22:10.4745092Z ##[debug]loading inputs and endpoints
2025-12-09T12:22:10.4745927Z ##[debug]loading INPUT_ENABLEAUTOMATICCODEQLINSTALL
2025-12-09T12:22:10.4746701Z ##[debug]loading INPUT_LANGUAGES
2025-12-09T12:22:10.4747440Z ##[debug]loading INPUT_QUERYSUITE
2025-12-09T12:22:10.4748165Z ##[debug]loading INPUT_BUILDTYPE
2025-12-09T12:22:10.4749306Z ##[debug]loading INPUT_LOGLEVEL
2025-12-09T12:22:10.4750114Z ##[debug]loading ENDPOINT_AUTH_SYSTEMVSSCONNECTION
2025-12-09T12:22:10.4750892Z ##[debug]loading ENDPOINT_AUTH_SCHEME_SYSTEMVSSCONNECTION
2025-12-09T12:22:10.4751680Z ##[debug]loading ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN
2025-12-09T12:22:10.4752481Z ##[debug]loading SECRET_SYSTEM_ACCESSTOKEN
2025-12-09T12:22:10.4754944Z ##[debug]loaded 9
2025-12-09T12:22:10.4758279Z ##[debug]Agent.ProxyUrl=undefined
2025-12-09T12:22:10.4759120Z ##[debug]Agent.CAInfo=undefined
2025-12-09T12:22:10.4759846Z ##[debug]Agent.ClientCert=undefined
2025-12-09T12:22:10.4760583Z ##[debug]Agent.SkipCertValidation=undefined
2025-12-09T12:22:10.5228075Z ##[debug]advancedsecurity.codeql.debug=undefined
2025-12-09T12:22:10.5228983Z ##[debug]advancedsecurity.codeql.addsnippetstoresults=undefined
2025-12-09T12:22:10.5229682Z ##[debug]advancedsecurity.codeql.debug.uploadall=undefined
2025-12-09T12:22:10.5230248Z ##[debug]advancedsecurity.codeql.debug.uploadsarif=undefined
2025-12-09T12:22:10.5230785Z ##[debug]advancedsecurity.codeql.buildidentifier=undefined
2025-12-09T12:22:10.5231392Z ##[debug]advancedsecurity.codeql.autobuildalllanguages=undefined
2025-12-09T12:22:10.5232095Z ##[debug]advancedsecurity.codeql.artifactscontainername=undefined
2025-12-09T12:22:10.5232752Z ##[debug]advancedsecurity.codeql.initialized=undefined
2025-12-09T12:22:10.5233411Z ##[debug]advancedsecurity.codeql.results.published=undefined
2025-12-09T12:22:10.5234075Z ##[debug]advancedsecurity.codeql.buildtype=undefined
2025-12-09T12:22:10.5234734Z ##[debug]advancedsecurity.publish.repository.infer=undefined
2025-12-09T12:22:10.5235393Z ##[debug]advancedsecurity.publish.repository=undefined
2025-12-09T12:22:10.5236062Z ##[debug]advancedsecurity.publish.allowmissingpartialfingerprints=undefined
2025-12-09T12:22:10.5236751Z ##[debug]advancedsecurity.codeql.ignorepaths=undefined
2025-12-09T12:22:10.5237412Z ##[debug]advancedsecurity.codeql.includepaths=undefined
2025-12-09T12:22:10.5238070Z ##[debug]advancedsecurity.codeql.sourcesfolder=undefined
2025-12-09T12:22:10.5238748Z ##[debug]advancedsecurity.codeql.logLevel=undefined
2025-12-09T12:22:10.5239395Z ##[debug]set advancedsecurity.codeql.logLevel=0
2025-12-09T12:22:10.5248550Z ##[debug]Processed: ##vso[task.setvariable variable=advancedsecurity.codeql.logLevel;isOutput=false;issecret=false;]0
2025-12-09T12:22:10.5249395Z ##[debug]advancedsecurity.codeql.ram=undefined
2025-12-09T12:22:10.5250339Z ##[debug]set advancedsecurity.codeql.ram=51597.00
2025-12-09T12:22:10.5251208Z ##[debug]Processed: ##vso[task.setvariable variable=advancedsecurity.codeql.ram;isOutput=false;issecret=false;]51597.00
2025-12-09T12:22:10.5251798Z ##[debug]advancedsecurity.codeql.threads=undefined
2025-12-09T12:22:10.5252323Z ##[debug]advancedsecurity.codeql.language=undefined
2025-12-09T12:22:10.5252960Z ##[debug]advancedsecurity.codeql.querysuite=undefined
2025-12-09T12:22:10.5253555Z ##[debug]set advancedsecurity.codeql.querysuite=security-extended
2025-12-09T12:22:10.5254305Z ##[debug]Processed: ##vso[task.setvariable variable=advancedsecurity.codeql.querysuite;isOutput=false;issecret=false;]security-extended
2025-12-09T12:22:10.5255146Z ##[debug]advancedsecurity.codeql.configfilepath=undefined
2025-12-09T12:22:10.5256035Z ##[debug]advancedsecurity.codeql.toolsdirectory=undefined
2025-12-09T12:22:10.5256614Z ##[debug]Build.Repository.LocalPath=/tazp/agent-azdevops-scaledjob-njftq-wspp8/_work/1/s
2025-12-09T12:22:10.5257159Z ##[debug]advancedsecurity.codeql.debug=undefined
2025-12-09T12:22:10.5257692Z ##[debug]advancedsecurity.codeql.addsnippetstoresults=undefined
2025-12-09T12:22:10.5258231Z ##[debug]advancedsecurity.codeql.debug.uploadall=undefined
2025-12-09T12:22:10.5258763Z ##[debug]advancedsecurity.codeql.debug.uploadsarif=undefined
2025-12-09T12:22:10.5259298Z ##[debug]advancedsecurity.codeql.buildidentifier=undefined
2025-12-09T12:22:10.5259830Z ##[debug]advancedsecurity.codeql.autobuildalllanguages=undefined
2025-12-09T12:22:10.5260542Z ##[debug]advancedsecurity.codeql.artifactscontainername=undefined
2025-12-09T12:22:10.5261073Z ##[debug]advancedsecurity.codeql.initialized=undefined
2025-12-09T12:22:10.5261601Z ##[debug]advancedsecurity.codeql.results.published=undefined
2025-12-09T12:22:10.5262195Z ##[debug]advancedsecurity.codeql.buildtype=undefined
2025-12-09T12:22:10.5262727Z ##[debug]advancedsecurity.publish.repository.infer=undefined
2025-12-09T12:22:10.5263260Z ##[debug]advancedsecurity.publish.repository=undefined
2025-12-09T12:22:10.5263805Z ##[debug]advancedsecurity.publish.allowmissingpartialfingerprints=undefined
2025-12-09T12:22:10.5264346Z ##[debug]advancedsecurity.codeql.ignorepaths=undefined
2025-12-09T12:22:10.5264864Z ##[debug]advancedsecurity.codeql.includepaths=undefined
2025-12-09T12:22:10.5265390Z ##[debug]advancedsecurity.codeql.sourcesfolder=undefined
2025-12-09T12:22:10.5265909Z ##[debug]advancedsecurity.codeql.logLevel=0
2025-12-09T12:22:10.5266419Z ##[debug]set advancedsecurity.codeql.logLevel=0
2025-12-09T12:22:10.5269142Z ##[debug]Processed: ##vso[task.setvariable variable=advancedsecurity.codeql.logLevel;isOutput=false;issecret=false;]0
2025-12-09T12:22:10.5269838Z ##[debug]advancedsecurity.codeql.ram=51597.00
2025-12-09T12:22:10.5270362Z ##[debug]set advancedsecurity.codeql.ram=51597.00
2025-12-09T12:22:10.5271074Z ##[debug]Processed: ##vso[task.setvariable variable=advancedsecurity.codeql.ram;isOutput=false;issecret=false;]51597.00
2025-12-09T12:22:10.5271638Z ##[debug]advancedsecurity.codeql.threads=undefined
2025-12-09T12:22:10.5272177Z ##[debug]advancedsecurity.codeql.language=undefined
2025-12-09T12:22:10.5272706Z ##[debug]advancedsecurity.codeql.querysuite=security-extended
2025-12-09T12:22:10.5273248Z ##[debug]set advancedsecurity.codeql.querysuite=security-extended
2025-12-09T12:22:10.5273980Z ##[debug]Processed: ##vso[task.setvariable variable=advancedsecurity.codeql.querysuite;isOutput=false;issecret=false;]security-extended
2025-12-09T12:22:10.5274565Z ##[debug]advancedsecurity.codeql.configfilepath=undefined
2025-12-09T12:22:10.5275097Z ##[debug]advancedsecurity.codeql.toolsdirectory=undefined
2025-12-09T12:22:10.5275685Z ##[debug]check path : /tazp/agent-azdevops-scaledjob-njftq-wspp8/_work/_tasks/AdvancedSecurity-Codeql-Init_a34f8529-3300-494f-a460-963e3f5f6928/1.1.334/task.json
2025-12-09T12:22:10.5276351Z ##[debug]adding resource file: /tazp/agent-azdevops-scaledjob-njftq-wspp8/_work/_tasks/AdvancedSecurity-Codeql-Init_a34f8529-3300-494f-a460-963e3f5f6928/1.1.334/task.json
2025-12-09T12:22:10.5277098Z ##[debug]system.culture=en-US
2025-12-09T12:22:10.5277614Z ##[debug]Agent.TempDirectory=/tazp/agent-azdevops-scaledjob-njftq-wspp8/_work/_temp
2025-12-09T12:22:10.5278249Z ##[debug]Build.Repository.Provider=TfsGit
2025-12-09T12:22:10.5278778Z ##[debug]Build.SourcesDirectory=/tazp/agent-azdevops-scaledjob-njftq-wspp8/_work/1/s
2025-12-09T12:22:10.5279331Z ##[debug]System.TeamProjectId=
2025-12-09T12:22:10.5279871Z ##[debug]System.CollectionUri=https://dev.azure.com//
2025-12-09T12:22:10.5280389Z ##[debug]Agent.ProxyUrl=undefined
2025-12-09T12:22:10.5280926Z ##[debug]Build.Repository.Uri=https://@dev.azure.com///_git/
2025-12-09T12:22:10.5281486Z ##[debug]Build.Repository.ID=69a34cbb-efc8-4bd6-8f42-7e12d3c3604a
2025-12-09T12:22:10.5282034Z ##[debug]Build.SourceBranch=refs/heads/experiment/mek/github_codeql_test
2025-12-09T12:22:10.5282562Z ##[debug]Build.SourceBranchName=github_codeql_test
2025-12-09T12:22:10.5283133Z ##[debug]Build.SourceVersion=7387c0b5f724d1ae136aa3a18181511b543bd360
2025-12-09T12:22:10.5283643Z ##[debug]Build.BuildId=783603
2025-12-09T12:22:10.5284147Z ##[debug]Build.BuildUri=vstfs:///Build/Build/783603
2025-12-09T12:22:10.5284645Z ##[debug]System.DefinitionId=743
2025-12-09T12:22:10.5285145Z ##[debug]Build.DefinitionName=GitHub.CodeQL.Test
2025-12-09T12:22:10.5285648Z ##[debug]Build.DefinitionVersion=3
2025-12-09T12:22:10.5286136Z ##[debug]Build.Reason=Manual
2025-12-09T12:22:10.5286721Z ##[debug]System.PhaseId=602103e3-7ed0-534c-4161-3688dcba1bd9
2025-12-09T12:22:10.5287234Z ##[debug]System.PhaseName=GitHubCodeQLTest_6
2025-12-09T12:22:10.5287753Z ##[debug]System.CollectionId=
2025-12-09T12:22:10.5288265Z ##[debug]System.TeamProject=
2025-12-09T12:22:10.5288782Z ##[debug]Build.Repository.Name=
2025-12-09T12:22:10.5289370Z ##[debug]Build.Repository.Uri=https://@dev.azure.com///_git/
2025-12-09T12:22:10.5289913Z ##[debug]System.TeamProject=
2025-12-09T12:22:10.5290443Z ##[debug]System.DefaultWorkingDirectory=/tazp/agent-azdevops-scaledjob-njftq-wspp8/_work/1/s
2025-12-09T12:22:10.5290821Z Session Id=a0619096-276b-4626-96e1-ef61236760ec
2025-12-09T12:22:10.5291250Z ##[debug]set GHAZDO_VERSION=1.1.334
2025-12-09T12:22:10.5291911Z ##[debug]Processed: ##vso[task.setvariable variable=GHAZDO_VERSION;isOutput=false;issecret=false;]1.1.334
2025-12-09T12:22:10.5292488Z ##[debug]languages=csharp
2025-12-09T12:22:10.5292979Z ##[debug]ram=undefined
2025-12-09T12:22:10.5293458Z ##[debug]threads=undefined
2025-12-09T12:22:10.5293952Z ##[debug]querysuite=Select a query suite...
2025-12-09T12:22:10.5294460Z ##[debug]codeqlpathstoignore=undefined
2025-12-09T12:22:10.5294961Z ##[debug]codeqlpathstoinclude=undefined
2025-12-09T12:22:10.5295454Z ##[debug]loglevel=_
2025-12-09T12:22:10.5296404Z ##[debug]sourcesfolder=undefined
2025-12-09T12:22:10.5296918Z ##[debug]configfilepath=undefined
2025-12-09T12:22:10.5297426Z ##[debug]codeqltoolsdirectory=undefined
2025-12-09T12:22:10.5297932Z ##[debug]enableAutomaticCodeQLInstall=true
2025-12-09T12:22:10.5298436Z ##[debug]buildtype=Manual
2025-12-09T12:22:10.5298921Z ##[debug]buildtype=Manual
2025-12-09T12:22:10.5299432Z ##[debug]set advancedsecurity.codeql.querysuite=security-extended
2025-12-09T12:22:10.5300200Z ##[debug]Processed: ##vso[task.setvariable variable=advancedsecurity.codeql.querysuite;isOutput=false;issecret=false;]security-extended
2025-12-09T12:22:10.5300782Z ##[debug]set advancedsecurity.codeql.language=csharp
2025-12-09T12:22:10.5301469Z ##[debug]Processed: ##vso[task.setvariable variable=advancedsecurity.codeql.language;isOutput=false;issecret=false;]csharp
2025-12-09T12:22:10.5302040Z ##[debug]set advancedsecurity.codeql.buildtype=manual
2025-12-09T12:22:10.5302736Z ##[debug]Processed: ##vso[task.setvariable variable=advancedsecurity.codeql.buildtype;isOutput=false;issecret=false;]manual
2025-12-09T12:22:10.5303170Z Starting CodeQL automatic detection and installation.
2025-12-09T12:22:10.5303547Z ##[group]CodeQL Detection and Installation
2025-12-09T12:22:10.5303835Z Retrieving the latest release information for https://api.github.com/repos/github/codeql-action/releases/latest
2025-12-09T12:22:10.6176967Z ##[warning] Request failed with status code 403
2025-12-09T12:22:10.6178286Z ##[group]Install and Setup CodeQL tools
2025-12-09T12:22:10.6178899Z ##[endgroup]
2025-12-09T12:22:10.6179311Z ##[warning] The GitHub release API URL for CodeQL failed.
2025-12-09T12:22:10.6180326Z ##[debug]task result: Failed
2025-12-09T12:22:10.6199340Z ##[error]The GitHub release API URL for CodeQL failed.
2025-12-09T12:22:10.6205228Z ##[debug]Processed: ##vso[task.issue type=error;]The GitHub release API URL for CodeQL failed.
2025-12-09T12:22:10.6211460Z ##[debug]Processed: ##vso[task.complete result=Failed;]The GitHub release API URL for CodeQL failed.
2025-12-09T12:22:10.6211948Z 
2025-12-09T12:22:10.6212349Z Learn more about the scan for the CodeQL build tasks:
2025-12-09T12:22:10.6212765Z https://aka.ms/advanced-security/code-scanning/detection
2025-12-09T12:22:10.6212881Z 
2025-12-09T12:22:10.6506517Z ##[debug]Processed: ##vso[telemetry.publish area=AdvancedSecurity;feature=AdvancedSecurity-Codeql-Init;]{"taskName":"AdvancedSecurity-Codeql-Init","startTime":"2025-12-09T12:22:10.527Z","sessionId":"a0619096-276b-4626-96e1-ef61236760ec","buildDefinitionIdentifier":"6865cd11-4efc-41aa-bb10-2244135f240d:743","buildIdentifier":"6865cd11-4efc-41aa-bb10-2244135f240d:783603","debug":false,"hasPathsToInclude":false,"hasPathsToIgnore":false,"addSnippetsToResults":false,"debugUploadAll":false,"debugUploadSarif":false,"logLevel":0,"autobuildAllLanguages":false,"querySuite":"security-extended","languages":["csharp"],"isConfigFileProvided":false,"isAutomaticCodeQLDetectionEnabled":true,"success":false,"errorMessage":"The GitHub release API URL for CodeQL failed.","extensionErrorStackTrace":"at /tazp/agent-azdevops-scaledjob-njftq-wspp8/_work/_tasks/AdvancedSecurity-Codeql-Init_a34f8529-3300-494f-a460-963e3f5f6928/1.1.334/index.js:14:67424\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n    at async y.getLatestReleaseDetails (/tazp/agent-azdevops-scaledjob-njftq-wspp8/_work/_tasks/AdvancedSecurity-Codeql-Init_a34f8529-3300-494f-a460-963e3f5f6928/1.1.334/index.js:14:66808)\n    at async t.ToolCache.findAndEnsureLatest (/tazp/agent-azdevops-scaledjob-njftq-wspp8/_work/_tasks/AdvancedSecurity-Codeql-Init_a34f8529-3300-494f-a460-963e3f5f6928/1.1.334/index.js:14:108761)\n    at async t.determineCodeQLInstall (/tazp/agent-azdevops-scaledjob-njftq-wspp8/_work/_tasks/AdvancedSecurity-Codeql-Init_a34f8529-3300-494f-a460-963e3f5f6928/1.1.334/index.js:14:115915)","endTime":"2025-12-09T12:22:10.618Z","totalSeconds":0.091}
2025-12-09T12:22:10.6543055Z ##[section]Finishing: AdvancedSecurityCodeqlInit
  

Repro steps

trigger: none

pool: 
  vmImage: windows-2022

steps:
- checkout: none
- task: AdvancedSecurity-Codeql-Init@1
  inputs:
    enableAutomaticCodeQLInstall: true
    languages: 'csharp'

[laurajjiang]

hi @wiruzman , we've shipped a fix for this in later versions of the build task. could you try to run the task again, or pin the task to the 1.1.337 version?

[wiruzman]

@laurajjiang What is the fix? Should we do anything from our side other than pin the version?

[laurajjiang]

@wiruzman it's all within the build task itself so no action should be needed aside from using the new task version!

[surajitshil-03]

As the issue is resolved I am closing this bug.