github
diff --git a/‎lib/analyze-action.js‎
Lines changed: 15 additions & 0 deletions b/‎lib/analyze-action.js‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎lib/init-action-post.js‎
Lines changed: 15 additions & 0 deletions b/‎lib/init-action-post.js‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎lib/init-action.js‎
Lines changed: 15 additions & 0 deletions b/‎lib/init-action.js‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎lib/setup-codeql-action.js‎
Lines changed: 15 additions & 0 deletions b/‎lib/setup-codeql-action.js‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎lib/upload-lib.js‎
Lines changed: 15 additions & 0 deletions b/‎lib/upload-lib.js‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎lib/upload-sarif-action.js‎
Lines changed: 15 additions & 0 deletions b/‎lib/upload-sarif-action.js‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎src/api-client.test.ts‎
Lines changed: 35 additions & 0 deletions b/‎src/api-client.test.ts‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎src/api-client.ts‎
Lines changed: 19 additions & 0 deletions b/‎src/api-client.ts‎
Lines changed: 19 additions & 0 deletions
@@ -169,4 +169,39 @@ test("wrapApiConfigurationError correctly wraps specific configuration errors",
     res,
     new util.ConfigurationError("Resource not accessible by integration"),
   );
+
+  // Enablement errors.
+  const codeSecurityNotEnabledError = new util.HTTPError(
+    "Code Security must be enabled for this repository to use code scanning",
+    403,
+  );
+  res = api.wrapApiConfigurationError(codeSecurityNotEnabledError);
+  t.deepEqual(
+    res,
+    new util.ConfigurationError(
+      api.getFeatureEnablementError(codeSecurityNotEnabledError.message),
+    ),
+  );
+  const advancedSecurityNotEnabledError = new util.HTTPError(
+    "Advanced Security must be enabled for this repository to use code scanning",
+    403,
+  );
+  res = api.wrapApiConfigurationError(advancedSecurityNotEnabledError);
+  t.deepEqual(
+    res,
+    new util.ConfigurationError(
+      api.getFeatureEnablementError(advancedSecurityNotEnabledError.message),
+    ),
+  );
+  const codeScanningNotEnabledError = new util.HTTPError(
+    "Code Scanning is not enabled for this repository. Please enable code scanning in the repository settings.",
+    403,
+  );
+  res = api.wrapApiConfigurationError(codeScanningNotEnabledError);
+  t.deepEqual(
+    res,
+    new util.ConfigurationError(
+      api.getFeatureEnablementError(codeScanningNotEnabledError.message),
+    ),
+  );
 });
@@ -283,6 +283,20 @@ export async function getRepositoryProperties(repositoryNwo: RepositoryNwo) {
   });
 }
 
+function isEnablementError(msg: string) {
+  return [
+    /Code Security must be enabled/,
+    /Advanced Security must be enabled/,
+    /Code Scanning is not enabled/,
+  ].some((pattern) => pattern.test(msg));
+}
+
+// TODO: Move to `error-messages.ts` after refactoring import order to avoid cycle
+// since `error-messages.ts` currently depends on this file.
+export function getFeatureEnablementError(message: string): string {
+  return `Please verify that the necessary features are enabled: ${message}`;
+}
+
 export function wrapApiConfigurationError(e: unknown) {
   const httpError = asHTTPError(e);
   if (httpError !== undefined) {
@@ -304,6 +318,11 @@ export function wrapApiConfigurationError(e: unknown) {
         "Please check that your token is valid and has the required permissions: contents: read, security-events: write",
       );
     }
+    if (httpError.status === 403 && isEnablementError(httpError.message)) {
+      return new ConfigurationError(
+        getFeatureEnablementError(httpError.message),
+      );
+    }
     if (httpError.status === 429) {
       return new ConfigurationError("API rate limit exceeded");
     }