
Use multi-repository variant analysis (beta) to run CodeQL queries at scale

Today we have released multi-repository variant analysis for CodeQL in public beta to help the OSS security community power up their research with CodeQL.

CodeQL is the static code analysis engine that powers GitHub code scanning. Out of the box, CodeQL is able to find many different types of security vulnerability and flag them up in pull requests.

But one of CodeQL’s superpowers is its versatility and customizability: you can use it to find virtually any pattern in source code. As such, it’s a great tool for finding new types of vulnerabilities – once you’ve identified an interesting pattern, model it as a CodeQL query, and then run it against your repository to find all occurrences of that pattern! But most vulnerabilities are relevant to many codebases. Wouldn’t it be amazing if you could easily run your query against many repos at the same time? Well, now you can with multi-repository variant analysis — which we’ve just shipped in public beta!
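The "model it as a CodeQL query" step above is easier to picture with a concrete query. The following is an added example, not code from this announcement or from GitHub's own query packs: a small JavaScript problem query that flags calls to eval() whose argument is anything other than a literal string (the hypothetical @id js/example/eval-non-literal is an assumed value, and the query is deliberately kept simple, without data-flow tracking). Once a query like this finds one interesting hit in your own repository, multi-repository variant analysis lets you run the same query unchanged against a list of repositories to look for other instances.

```ql
/**
 * @name Call to eval with a non-literal argument
 * @description Evaluating strings that are not compile-time literals makes it
 *              hard to reason about what code runs; review each reported call.
 * @kind problem
 * @problem.severity warning
 * @id js/example/eval-non-literal
 * @tags security
 */

// Added example query; the id above is a placeholder chosen for this illustration.
import javascript

from CallExpr call
where
  // Direct calls written as eval(...).
  call.getCalleeName() = "eval" and
  // Ignore eval("constant"), which is unusual but not dynamic.
  not call.getArgument(0) instanceof StringLiteral
select call, "Call to eval() with a non-literal argument."
```

Running this in the CodeQL extension for VS Code against a local database reports each matching call with its location; the variant-analysis feature described in this post takes the same .ql file and a repository list as input, and returns the results per repository.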


This new feature will allow security researchers to run CodeQL analyses against large numbers of repos, straight from the CodeQL extension for VS Code, making it possible to identify new types of security vulnerabilities in the most popular open-source codebases.

Check out the CodeQL for VS Code documentation to learn how to get started with multi-repository variant analysis. We'd also love to hear your feedback on this GitHub community discussion.

Starting on March 08, 2023, GitHub Enterprise customers using 2-core GitHub-hosted Linux and Windows runners will have the job concurrency on Windows/Linux increased from 180 to 500.

Enterprise customers need to make no changes to take advantage of this increased concurrency. If you require concurrency higher than 500 on 2-core GitHub-hosted Linux and Windows runners, please reach out to GitHub support.


Many users rely on our Slack integration to keep up with what's new in their repository's Discussions. However, for large repositories, these notifications can get overwhelming. Today, we're introducing the ability to subscribe to specific Discussion categories in Slack. By default, when users subscribe to Discussions, they subscribe to all categories. With the new command, we're introducing a way to add category filters:

/github subscribe <org_name>/<repo_name> discussions:{category:"<category1>","<category2>"}

Users can also unsubscribe a Slack channel from previously set category filters with a similar command:

/github unsubscribe <org_name>/<repo_name> discussions:{category:"<category1>"}

Note: By default, if no category filters were added, the app subscribes to all categories in Discussions. Similarly, if you remove all category filters, the app returns to its default state of being subscribed to all categories. To unsubscribe from Discussions entirely, users can continue to use the unsubscribe command on Discussions, as shown below:

/github unsubscribe <org_name>/<repo_name> discussions
