CodeQL code scanning now recognizes more Python libraries and frameworks

We’ve improved the depth of CodeQL's Python analysis by adding support for more libraries and frameworks, including:

  • FastAPI
  • aiomysql
  • aiopg
  • asyncpg
  • Django REST framework
  • The os.path module
  • Flask-Admin
  • toml
  • ruamel.yaml
  • SQLAlchemy

As a result, CodeQL can now detect even more potential sources of untrusted user data, steps through which that data flows, and potentially dangerous sinks in which this data could end up. This results in an overall improvement of the quality of the code scanning alerts.

We carefully choose and prioritize the libraries and frameworks supported by CodeQL based on their popularity and through user feedback. These improvements are now available to users of CodeQL code scanning on GitHub.com, and will also be available in the next release of GitHub Enterprise Server (3.4).
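To make the source, step, and sink terms above concrete, here is an added example (not GitHub's or CodeQL's own code) of an untrusted value flowing through `os.path.join` into a file read, beside a form that confines the resolved path. The function names, the `filename` parameter standing in for a web request value, and the sample file tree are all constructed for illustration.

```python
import os
import tempfile


def read_upload_unsafe(base_dir, filename):
    # Source: `filename` stands in for a value taken from an HTTP request.
    # Step: os.path.join passes the untrusted value into the resulting path.
    path = os.path.join(base_dir, filename)
    # Sink: the tainted path reaches a filesystem access.
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def read_upload_safe(base_dir, filename):
    base = os.path.realpath(base_dir)
    # Resolve "..", absolute components and symlinks before deciding.
    path = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, path]) != base:
        raise PermissionError("path escapes the upload directory")
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def _attempt(reader, base_dir, filename):
    try:
        return reader(base_dir, filename)
    except PermissionError:
        return "blocked"


def demo():
    # Constructed sample tree: uploads/report.txt is public, secret.txt is not.
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.mkdir(uploads)
        with open(os.path.join(uploads, "report.txt"), "w", encoding="utf-8") as fh:
            fh.write("public")
        with open(os.path.join(root, "secret.txt"), "w", encoding="utf-8") as fh:
            fh.write("private")
        outside = os.path.join("..", "secret.txt")
        return {
            "unsafe_normal": _attempt(read_upload_unsafe, uploads, "report.txt"),
            "unsafe_outside": _attempt(read_upload_unsafe, uploads, outside),
            "safe_normal": _attempt(read_upload_safe, uploads, "report.txt"),
            "safe_outside": _attempt(read_upload_safe, uploads, outside),
        }


if __name__ == "__main__":
    print(demo())
```

Without a model of `os.path`, an analysis would lose track of the value at the `join` call; with one, the flow from parameter to `open` stays visible end to end.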

You can now run workflows for Python projects faster on GitHub Actions by enabling dependency caching on the setup-python action. setup-python supports caching for both pip and pipenv projects.

The following example enables caching for a Python project with pip:

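steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
  with:
    python-version: '3.9'
    cache: 'pip'  # enable dependency caching for pip
- run: pip install -r requirements.txt
# pip has no "test" subcommand; run the project's own test command instead
# (the standard-library unittest runner is shown here).
- run: python -m unittest discover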

For additional examples, visit the setup-python repository.
