Organization-level code scanning default setup for CodeQL is now generally available

Today we are announcing the general availability of code scanning default setup enablement at the organization level.

Code scanning enable all default setup button on the organization's 'Settings' page

You can use code scanning default setup to enable CodeQL analysis for pull requests and pushes on eligible repositories without committing any workflow files. Currently, this feature is only available for repositories that use GitHub Actions and it supports analysis of JavaScript/TypeScript, Python, Ruby and Go. We plan to add support for additional languages soon.

This feature is also available as a public beta in GitHub Enterprise Server 3.9 and will be generally available in GitHub Enterprise Server 3.10.

Learn more about configuring code scanning at scale using CodeQL and the "Enable or disable a security feature for an organization" REST API
Learn more about GitHub Advanced Security

The latest release of CodeQL for VS Code includes new functionality for creating lists of target repositories for multi-repository variant analysis with GitHub code search.

Multi-repository variant analysis (MRVA) allows security researchers to run CodeQL analyses against large numbers of repos straight from the CodeQL extension for VS Code, making it possible to identify new types of security vulnerabilities in the most popular open-source codebases. Curated lists of up to 1,000 widely-used public GitHub repositories are included with MRVA to help you get started quickly – you can even trigger an MRVA run against up to 1,000 repositories in a single GitHub organization.

However, if you’d prefer to target different repositories, you can also create your own custom lists. To help make it easier to identify the most relevant repositories to include in your custom lists we have just released a new integration with the GitHub search API in the CodeQL extension. With this new feature, you can restrict the repositories appearing in your custom lists by the contents of source files, file paths, file location, or any other supported search qualifier.

For more information about how to use GitHub code search with MRVA, see Using GitHub code search to add repositories to a custom list in the CodeQL for VS Code documentation.

See more

Today's Changelog brings you copy and paste improvements, updates to the API in projects and a flurry of tasklist updates.

📋 Copy and paste improvements

Copying table cells has been updated from plain text to rich text! Rich formatting like bold, inline code and links will now be maintained when copying and pasting data from a project. This allows better direct pasting when working across applications like Excel, Sheets, and GitHub Markdown editors. We've also made other small improvements like updating the CSV format to export tab-separated, instead of comma-separated files as well as, copying GitHub handles instead of full names.

🌐 Updated title tab in browser 


By popular demand, we've updated the tab title bar in your browser to display Issue nameView nameProject name in that order. This also applies to bookmarks and social titles!

💅 Support filtering on field schema in ProjectsV2SingleSelectField

Returning all of the options for a single select field can make our API's response hard for users to parse. You can now filter the options array by name when using GraphQL to fetch only the contents of a single select field that you care about!

query {
  organization(login:"github") {
    projectV2(number:6051) {
      creator {
        ... on User { login }
      }
      shortDescription
      field(name:"Status") {
        ... on ProjectV2SingleSelectField {
          dataType
          updatedAt
          options(names:["On hold ⏰", "Done"]) {
            name
          }
        }
      }
    }
  }
}

🎨 Tasklist redesign, accessibility improvements

Tasklists got a refresh! Alongside making the drag and drop functionality a bit more discoverable, we've added separators between items in your tasklist and made other small design tweaks.

As part of this redesign, tasklists are now more easily read by screen readers and can be navigated with tab as well as the arrow keys. We've moved previously inaccessible actions, like converting a draft task to an issue or clicking the assignee placeholder to edit assignees, into the three dot menu for each task.

➕ Bulk add tasklist issues to projects

You can now add any new items which have appeared in your issue's tasklist with a click of a button! Simply group by the Tracked by field and add all of the missing children directly and automatically to your project.

⭐ Add to project from projects side panel

Has this ever happened to you? You're managing issues in your project and you use the breadcrumb navigation to to open an issue you want to edit but you find its not yet in the project so you can't access project fields?! 😖

Well, fear not, we've added the ability to quickly add any issue you open in the projects side panel to your project so you can more easily edit project metadata on your issues!

Bug fixes and improvements

  • Hiding columns in board view no longer errors for column names with multiple words
  • Improved performance on dragging rows
  • Fixed wrapping format when editing custom fields in the View menu
  • The Select column action is now available for non-editable columns
  • Users can now select more than 50 cells at a time
  • Fixed a bug so that if all characters are deleted in a draft issue title and the draft is closed, the title will revert back to the state before all characters were deleted
  • As part of the work towards removing the 1200 item limit on projects. Table row numbers will now always show in ascending order for the items in the view. Rather than showing a global number which may have included spaces for items filtered out of the view.
  • Resolved a bug in tasklists where merged pull requests were showing as "closed," reverted back to showing issue icons, full pull request support coming soon!
  • When creating a new field in a view, we’ve updated the behaviour to confirm on cancel so that new field is not lost with user clicks outside of the dialog
  • Fixed styling of the Transfer issue alert when dragging across groups is visually broken

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.

See more