CodeQL is the analysis engine that powers GitHub code scanning for over 100,000 repositories. We continuously improve our analysis capabilities, language support and performance to help open source developers and enterprises catch vulnerabilities before they make their way into production code. CodeQL is also an instrumental tool for the security researcher community and was used to identify 36 new CVEs.
We release updates and improvements for CodeQL on a regular basis. We can't call out every improvement, but we want to highlight some of the most important updates we've shipped for CodeQL in the first half of the year:
- Shortly before WWDC in June, we added beta support for Swift, which together with Kotlin completes CodeQL’s support for next-generation mobile development.
- We've updated CodeQL to support these new language versions (view all): Swift 5.8.1, C# 11, .NET 7, Kotlin 1.8, Go 1.20, TypeScript 5.0 & 5.1, Ruby 3.2, Java 20.
- We saw a 16% average performance improvement for CodeQL analyses.
- We improved CodeQL modelling for popular Ruby libraries (SQLite, MySQL, Rack) and added coverage for more than 5000 API methods in Java, increasing analysis coverage and reducing false negatives.
- We released a new mechanism called default setup, to configure CodeQL at the repo and the organization level.
- We added 4 new memory-corruption queries for C/C++, 6 new queries for Java, 1 for Python and adjusted over 100 queries across all languages.
- We started showing actionable information on the tool status page.
- We enabled scanning of Python repositories without installing their dependencies.
- We made the release process faster (now 1 week) and optimised the roll-out strategy to get you onto the latest release as quickly as possible, so you benefit from the latest updates in CodeQL sooner.
- We deprecated CodeQL Action v1 and enabled Dependabot to automatically move you to a newer version.
These features have been shipped across multiple versions of CodeQL, from 2.12.0 up to 2.14.0, which are shipped with GHES 3.9 and the upcoming 3.10. All users of CodeQL code scanning on GitHub.com automatically benefit from the latest improvements.