Skip to content

Code scanning default setup is now available for all CodeQL supported languages, excluding Swift

Code scanning default setup is now available for all CodeQL supported languages, excluding Swift. This includes supporting JavaScript/TypeScript, Ruby, Python, Go, Java/Kotlin, C/C++, and C# at the repository level. We will extend support to include Swift soon. We are also working to extend all CodeQL language support to the organization level.

Default setup detects the languages in the repository and automatically analyzes JavaScript/TypeScript, Ruby, Python, and Go. With this enhancement, you can customize the configuration to also analyze Java/Kotlin, C/C++, and C#. The configuration can be viewed and edited at any time, during or after set up.

You can also use the REST API to include CodeQL supported languages in the default setup configuration.

What if the analysis for a language fails in default setup?

It is possible for the CodeQL analysis for a particular language to fail, such as when the code can't be compiled. If the CodeQL analysis for a language fails in default setup, you will see an error message on the repository's settings page, in the code security and analysis section. To resolve the situation you can:

  1. Deselect the language from the configuration and continue to use default setup for the successful languages.
  1. Convert to advanced setup. The advanced setup uses a yml file and allows you to provide the build information required for the CodeQL analysis to succeed.
  1. Debug and fix the cause of the language failure. The Actions log will provide the failure reason so you can resolve this for a successful analysis.

Why aren't some languages automatically included in the default setup configuration ?

Java (including Kotlin), C/C++, and C# are not automatically included in the default setup configuration because they often require more advanced configuration. Code written in these languages needs to be compiled in order for CodeQL analysis to proceed. CodeQL will attempt to build your code automatically but may fail if your code requires bespoke build steps.

Java (including Kotlin), C/C++, and C# are not included in bulk code scanning setup from the organization level. We are working to extend all CodeQL language support to the organization level soon.

For more information on code scanning default setup, see Configuring code scanning automatically.

The Enterprise and Organization audit log UI and user security logs UI now include an expandable view that displays the full audit log payload of each event.

Customers can now see the same event metadata when searching your audit log via U/I, exporting audit logs to a JSON file, querying the audit log API, or streaming your audit logs to one of our supported streaming endpoints.

See more

Last year, we made merging pull requests much faster by using the merge-ort strategy. Now, rebase commits get the same merge-ort treatment. This results in significantly improved speed: the P99 (the average time to complete rebases excluding the 1% slowest outliers) used to take around 3.6 seconds. P99 with the new strategy is 0.35 seconds. Because of the speedup, the fraction of PR rebases which fail due to timeouts dropped from 1.3% to 0.14%.

Learn more about the Git merge-ort strategy and merge methods for pull requests.

See more