Last year, we launched Ruby analysis support in beta for GitHub code scanning. Today, we're announcing the general availability of this feature — covering even more vulnerabilities in Ruby code.

Ruby is part of the top 10 most popular languages on GitHub today. In the past year alone, code scanning (powered by the CodeQL engine) helped Ruby developers resolve more than 4,000 security issues. Set up code scanning on your repositories today and receive actionable security alerts right on your pull-requests.

Since shipping in beta, our Ruby analysis has more than doubled the number of common weaknesses (CWEs) that it can detect. A total of 30 rules check your code for a range of vulnerabilities, including cross-site scripting (XSS), regular expression denial-of-service (ReDoS), SQL injection, and more. Additional library and framework coverage for Ruby-on-Rails ensures that web service developers get even more precise results. We currently support all common Ruby versions, up to and including 3.1. Check out the documentation for more details on compatibility.

Ruby support is available by default in code scanning, the CodeQL CLI, and the CodeQL extension for VS Code. GitHub Enterprise Server (GHES) version 3.4 shipped with Ruby (beta) support, and GHES 3.8 will include this GA release.