Use GitHub code search to support security research with multi-repository variant analysis for CodeQL (beta)

The latest release of CodeQL for VS Code includes new functionality for creating lists of target repositories for multi-repository variant analysis with GitHub code search.

Multi-repository variant analysis (MRVA) allows security researchers to run CodeQL analyses against large numbers of repos straight from the CodeQL extension for VS Code, making it possible to identify new types of security vulnerabilities in the most popular open-source codebases. Curated lists of up to 1,000 widely-used public GitHub repositories are included with MRVA to help you get started quickly – you can even trigger an MRVA run against up to 1,000 repositories in a single GitHub organization.

However, if you’d prefer to target different repositories, you can also create your own custom lists. To help make it easier to identify the most relevant repositories to include in your custom lists we have just released a new integration with the GitHub search API in the CodeQL extension. With this new feature, you can restrict the repositories appearing in your custom lists by the contents of source files, file paths, file location, or any other supported search qualifier.

For more information about how to use GitHub code search with MRVA, see Using GitHub code search to add repositories to a custom list in the CodeQL for VS Code documentation.

Today's Changelog brings you copy and paste improvements, updates to the API in projects and a flurry of tasklist updates.

📋 Copy and paste improvements

Copying table cells has been updated from plain text to rich text! Rich formatting like bold, inline code and links will now be maintained when copying and pasting data from a project. This allows better direct pasting when working across applications like Excel, Sheets, and GitHub Markdown editors. We've also made other small improvements like updating the CSV format to export tab-separated, instead of comma-separated files as well as, copying GitHub handles instead of full names.

🌐 Updated title tab in browser 


By popular demand, we've updated the tab title bar in your browser to display Issue nameView nameProject name in that order. This also applies to bookmarks and social titles!

💅 Support filtering on field schema in ProjectsV2SingleSelectField

Returning all of the options for a single select field can make our API's response hard for users to parse. You can now filter the options array by name when using GraphQL to fetch only the contents of a single select field that you care about!

query {
  organization(login:"github") {
    projectV2(number:6051) {
      creator {
        ... on User { login }
      }
      shortDescription
      field(name:"Status") {
        ... on ProjectV2SingleSelectField {
          dataType
          updatedAt
          options(names:["On hold ⏰", "Done"]) {
            name
          }
        }
      }
    }
  }
}

🎨 Tasklist redesign, accessibility improvements

Tasklists got a refresh! Alongside making the drag and drop functionality a bit more discoverable, we've added separators between items in your tasklist and made other small design tweaks.

As part of this redesign, tasklists are now more easily read by screen readers and can be navigated with tab as well as the arrow keys. We've moved previously inaccessible actions, like converting a draft task to an issue or clicking the assignee placeholder to edit assignees, into the three dot menu for each task.

➕ Bulk add tasklist issues to projects

You can now add any new items which have appeared in your issue's tasklist with a click of a button! Simply group by the Tracked by field and add all of the missing children directly and automatically to your project.

⭐ Add to project from projects side panel

Has this ever happened to you? You're managing issues in your project and you use the breadcrumb navigation to to open an issue you want to edit but you find its not yet in the project so you can't access project fields?! 😖

Well, fear not, we've added the ability to quickly add any issue you open in the projects side panel to your project so you can more easily edit project metadata on your issues!

Bug fixes and improvements

  • Hiding columns in board view no longer errors for column names with multiple words
  • Improved performance on dragging rows
  • Fixed wrapping format when editing custom fields in the View menu
  • The Select column action is now available for non-editable columns
  • Users can now select more than 50 cells at a time
  • Fixed a bug so that if all characters are deleted in a draft issue title and the draft is closed, the title will revert back to the state before all characters were deleted
  • As part of the work towards removing the 1200 item limit on projects. Table row numbers will now always show in ascending order for the items in the view. Rather than showing a global number which may have included spaces for items filtered out of the view.
  • Resolved a bug in tasklists where merged pull requests were showing as "closed," reverted back to showing issue icons, full pull request support coming soon!
  • When creating a new field in a view, we’ve updated the behaviour to confirm on cancel so that new field is not lost with user clicks outside of the dialog
  • Fixed styling of the Transfer issue alert when dragging across groups is visually broken

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.

See more

In late 2022 we launched a private beta of innersource restricted users allowing customers with enterprise managed users (EMU) to assign an IdP-defined role to users who should not be granted access to internal repositories in any organization they are not expressly a member. We have made improvements to align product behavior with beta customer feedback and are updating the feature name to "guest collaborators" to better reflect the expected use cases. Guest collaborators are distinct from outside collaborators because they are always IdP-defined users intended to be fully managed within an enterprise's security boundary.

Existing private beta customers will see visual changes reflecting the transition from "restricted users" to "guest collaborators" over the coming days. We have also submitted Azure AD and Okta app changes to support a "guest collaborator" role to replace "restricted user". While the guest collaborators feature remains in private beta, we are working toward an upcoming public beta release adding the ability to selectively add guest collaborators to individual repositories without granting organization membership. At public beta release, we will have more information on how to transition your existing app integration without any breaking change.

We are still accepting private beta enrollments for customers if you would like to test the existing capabilities of the feature. Please reach out to your account team or contact our sales team for more details.

See more