I'm not sure what you mean by each issue? Perhaps each security Alert? If the Alerts are related to each other then yes, CodeQL/Code Scanning will pick that up and note that the solution solved the same alert/issue/problem and track in that alert's audit history that it was closed with a certain commit hash. Otherwise unrelated issues/alerts are separate concerns and have their own resolution path/requirements. Hopefully I understood your concerns and that this answer was applicable :) Cheers!
Just ran into this video. Exactly what I was looking for as I'm trying to get family with GHAS. Great presentation
Why we need to run multiple times for each issue? Can’t codeql get all the issues in one shot ?
I'm not sure what you mean by each issue? Perhaps each security Alert? If the Alerts are related to each other then yes, CodeQL/Code Scanning will pick that up and note that the solution solved the same alert/issue/problem and track in that alert's audit history that it was closed with a certain commit hash. Otherwise unrelated issues/alerts are separate concerns and have their own resolution path/requirements. Hopefully I understood your concerns and that this answer was applicable :) Cheers!