docs/content/code-security/securing-your-organization/troubleshooting-security-configurations/unexpected-default-setup.md

title, shortTitle, intro, permissions, versions, topics

title	shortTitle	intro	permissions	versions	topics
Default setup for code scanning overrides advanced setup	Unexpected default setup	You apply a {% data variables.product.prodname_security_configuration %} with "Enabled with advanced setup allowed" and the existing advanced setup for {% data variables.product.prodname_code_scanning %} is ignored in some repositories.	{% data reusables.permissions.security-org-enable %}	feature security-configurations	Code Security Organizations Security

About the problem

When you apply a {% data variables.product.prodname_security_configuration %} and {% data variables.product.prodname_code_scanning %} is defined as "Enabled with advanced setup allowed", each repository is checked to see if there is an existing, active, advanced setup.

• No change to {% data variables.product.prodname_code_scanning %} if an active advanced setup configuration is detected.
• Default setup is enabled for repositories where advanced setup is inactive or absent.

Inactive or absent advanced setup

{% data reusables.code-scanning.inactive-advanced-setup %}

Solving the problem

This solution has two parts:

1. Any repositories where default setup for {% data variables.product.prodname_code_scanning %} was unexpectedly applied need to run {% data variables.product.prodname_codeql %} analysis at intervals of less than 90 days, for example, once a month.

   Even if the repository is not under active development, new vulnerabilities may be identified by updates to {% data variables.product.prodname_codeql %} analysis.

2. Once the affected repositories all have {% data variables.product.prodname_codeql %} analysis running, you can reapply the {% data variables.product.prodname_security_configuration %}.