Codeql failing to scan github repository storing only java code

I'm trying to scan java code with codeql. In my repo I have some class files:


It's very simple and was built by Eclipse and I only exported the executable *.jar file from it before.

Now as I'm trying to scan this by codeql, it was trying to autobuild it without success. After investigating it online I understood that only specific type of projects can work with autobuild hence I went back to Eclipes and converted my project to maven. Now (the one used by autobuild) is trying to execute a 'mvn' command which I would assume should work and code scan should be successful, but it seems that 'mvn' is not found on the system (I thought this is included during the initialization step or somewhere else). I tried to find a solution how to install maven before executing the autobuild step, but didn't find solution. The error looks like this:

  /opt/hostedtoolcache/CodeQL/2.12.6-20230403/x64/codeql/codeql version --format=terse
  Picked up JAVA_TOOL_OPTIONS:  -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false
  [2023-08-23 07:27:32] Build directory is .
  [2023-08-23 07:27:32] [autobuild] > mvn clean package -f "pom.xml" -B -V -e -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Dspotbugs.skip -Denforcer.skip -Dmaven.javadoc.skip -DskipTests -Dmaven.test.skip.exec -Dlicense.skip=true -Drat.skip=true -Dspotless.check.skip=true 
  Error: 8-23 07:27:32] [autobuild] [ERROR] Error executing command mvn clean package -f "pom.xml" -B -V -e -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Dspotbugs.skip -Denforcer.skip -Dmaven.javadoc.skip -DskipTests -Dmaven.test.skip.exec -Dlicense.skip=true -Drat.skip=true -Dspotless.check.skip=true 
                                            com.semmle.util.exception.ResourceError: IOException while executing process with args: [mvn, clean, package, -f, pom.xml, -B, -V, -e, -Dfindbugs.skip, -Dcheckstyle.skip, -Dpmd.skip=true, -Dspotbugs.skip, -Denforcer.skip, -Dmaven.javadoc.skip, -DskipTests, -Dmaven.test.skip.exec, -Dlicense.skip=true, -Drat.skip=true, -Dspotless.check.skip=true]
                                            (eventual cause: IOException "error=2, No such file or directory")
                                                at com.semmle.util.process.AbstractProcessBuilder.execute(
                                                at com.semmle.util.process.AbstractProcessBuilder.execute(
                                                at com.semmle.autobuild.AutoBuild.deduceAndRunBuildCommands(
                                                at com.semmle.autobuild.AutoBuild.runApi(
                                                at com.semmle.util.process.CliCommand.safeRun(
                                                at com.semmle.util.process.VerbCliTool.runImpl(
                                                at com.semmle.autobuild.Main.mainApi(
                                                at com.semmle.autobuild.Main.main(
                                            Caused by: Cannot run program "mvn" (in directory "."): error=2, No such file or directory
                                                at java.base/java.lang.ProcessBuilder.start(Unknown Source)
                                                at java.base/java.lang.ProcessBuilder.start(Unknown Source)
                                                at com.semmle.util.process.AbstractProcessBuilder.execute(
                                                ... 10 common frames omitted
                                            Caused by: error=2, No such file or directory
                                                at java.base/java.lang.ProcessImpl.forkAndExec(Native Method)
                                                at java.base/java.lang.ProcessImpl.<init>(Unknown Source)
                                                at java.base/java.lang.ProcessImpl.start(Unknown Source)
                                                ... 13 common frames omitted
  Error: We were unable to automatically build your code. Please replace the call to the autobuild action with your custom build steps. Failure invoking /opt/hostedtoolcache/CodeQL/2.12.6-20230403/x64/codeql/java/tools/ with arguments .
        Exit code 254 and error was:
        Picked up JAVA_TOOL_OPTIONS:  -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false

and my codeql.yml file looks like this (right now):

name: "CodeQL"

    branches: [ "master" ]
    # The branches below must be a subset of the branches above
    branches: [ "master" ]

    name: Analyze
    runs-on: [ubuntu-latest]
      actions: read
      contents: read
      security-events: write

      fail-fast: false
        language: [ 'java' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Use only 'java' to analyze code written in Java, Kotlin or both
        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
        # Learn more about CodeQL language support at

    - name: Checkout repository
      uses: actions/checkout@v3

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with "+" to use these queries and those in the config file.

        # Details on CodeQL's query packs refer to :
        # queries: security-extended,security-and-quality

    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
      uses: github/codeql-action/autobuild@v2

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 See

    #   If the Autobuild fails above, remove it and uncomment the following three lines.
    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.

    #- run: |
    #   echo "Skipping build, it is not needed..."
    #   ls -lR .
    #   sudo apt install maven
    #   mvn clean install

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
        category: "/language:${{matrix.language}}"

I tried to skip the autobuild, but in that case the analyse step is just failing with the following error:

  /opt/hostedtoolcache/CodeQL/2.12.6-20230403/x64/codeql/codeql database finalize --finalize-dataset --threads=8 --ram=14984 /runner/_work/_temp/codeql_databases/java
  CodeQL detected code written in Java but could not process any of it. Review our troubleshooting guide at
  Error: No code found during the build. Please see:

I tried to build it manually, but I was not able to install maven (I guess executing install commands won't work this way)


  • The runners used for this repository and many more were built with minimalistic images. Java and maven needed to be installed manually. For java is working and for maven we used sudo apt-get install -y maven After these steps Autobuild step and code scan was successful.