require-codeql-category-when-language-matrix

Rule catalog ID: R114

Targeted pattern scope

CodeQL analyze steps inside jobs that use strategy.matrix.language.

What this rule reports

This rule reports CodeQL analyze steps that do not set with.category to include matrix.language when the job uses a language matrix.

Why this rule exists

When CodeQL runs in a language matrix, the SARIF category is the easiest way to keep uploads distinct and understandable in the code scanning UI. Requiring a matrix-aware category helps avoid ambiguous result grouping.

❌ Incorrect

- uses: github/codeql-action/analyze@v4

✅ Correct

- uses: github/codeql-action/analyze@v4
  with:
    category: /language:${{ matrix.language }}

Additional examples

This rule only applies when the job uses a language matrix. Single-language CodeQL jobs are ignored.

ESLint flat config example

import githubActions from "eslint-plugin-github-actions-2";

export default [githubActions.configs.codeScanning];

When not to use it

Disable this rule if your repository intentionally accepts a shared category across matrix jobs and that grouping has already been reviewed.

Targeted pattern scope​

What this rule reports​

Why this rule exists​

❌ Incorrect​

✅ Correct​

Additional examples​

ESLint flat config example​

When not to use it​

Further reading​