The CodeQL package manager is now available in public beta on GitHub.com. CodeQL packages can contain CodeQL queries and CodeQL libraries — and of course you can express dependencies between packs. You can upload your packs to the package registry on GitHub.com, and CodeQL will automatically fetch any required dependencies when running queries from a pack. This makes it simple to create and share CodeQL queries and libraries!
All of our own CodeQL queries and libraries are now also released as CodeQL packs at github.com/codeql.
For each language there is a query pack containing all CodeQL queries for that language (from our open source repository). These packs are named codeql/<language>-queries. For example, the CodeQL pack containing the standard C/C++ queries is called codeql/cpp-queries.
We've also released packs with all CodeQL standard libraries for each language. These packs are named codeql/<language>-all (e.g. codeql/cpp-all). If you're writing your own query pack, you'll likely want to express a dependency on the CodeQL standard libraries for that language.
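A minimal `qlpack.yml` for a custom C/C++ query pack that declares the dependency described above, as an added example that is not from the original post. The pack name `my-org/cpp-custom-queries` and the version values are constructed placeholders.

```yaml
# qlpack.yml (added example; scope, pack name and versions are placeholders)

# <scope>/<pack>: the scope is the GitHub user or organization that will own the pack.
name: my-org/cpp-custom-queries

# Semantic version of this pack; increase it for each published release.
version: 0.0.1

dependencies:
  # The standard C/C++ libraries pack named in the post.
  # "*" accepts any published version. Narrow it to a semver range once you
  # know which release of codeql/cpp-all your queries were written against.
  codeql/cpp-all: "*"

# Typical workflow from the directory that holds this file:
#   codeql pack install   resolves the ranges above, downloads the dependencies
#                         and records the exact versions in codeql-pack.lock.yml
#   codeql pack publish   uploads the pack to the package registry on GitHub.com
#
# Commit codeql-pack.lock.yml with the queries so that every analysis run
# resolves the same dependency versions that were reviewed.
```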
CodeQL pack visibility
You can choose the permission levels required for users to view and access your CodeQL packs. Currently, all CodeQL packs default to Internal visibility, and making a pack Public is a manual step. To make your CodeQL pack visible to everyone, go to the settings section of the package and change the package visibility to Public.
Downloading CodeQL packs
All CodeQL packs can be downloaded and installed using the CodeQL CLI. You do not need to use the docker pull command shown on the package page. For more information, see Publishing and using CodeQL packs.
Developers using GitHub Sponsors now have the ability to control Custom Amounts on their Sponsors profile with more granularity. Users can enable Custom Amounts for use with a recurring sponsorship, a one-time sponsorship, both, or neither.
In June, we announced that security alert notifications are opt-in on a per-repository basis, using the repository's watch settings. Today, we have updated security alert digest emails to also respect these settings.
If you are no longer receiving digest emails for a repository and want to, please update your notification subscription settings on that repo to include Security Alerts.