CodeQL code scanning deprecates ML-powered alerts

In February 2022, we introduced experimental CodeQL queries that utilize machine learning to identify more potential vulnerabilities. This feature supported only JavaScript / TypeScript code and was available to code scanning users who enabled the optional security-extended or security-and-quality query suites.

We disabled this experimental feature for new code scanning users in June 2023. Today, we're sunsetting it for all users.

Any currently open code scanning alerts from these queries (Rule ID starts with js/ml-powered/) will be closed. Closed alerts will still be visible in the code scanning alerts view in your repository’s Security tab. The complete history of each alert will remain accessible by clicking on the alert.

CodeQL will continue to run the existing non-ML versions of these queries and provide you with highly precise and actionable alerts.

We’ve learned a lot from the feedback and experience of the repositories that participated in this experiment, and we’ve since ramped up our investment in AI-powered security technology. This new technology is already boosting our ability to cover more sources and sinks of untrusted data in order to significantly increase the coverage and depth of all queries.

Today's changelog brings you improvements to project templates (public beta), including new templates pages and the ability to create a template with a single click!

🏠 Find project templates from your organization's Projects page

You'll now find all project templates in the "Templates" section of your organization's Projects page. This allows you to quickly find, filter, and open all available templates right alongside your projects.

You can also create templates using New template, in addition to converting an existing project into a template by toggling Make template on the project's settings page.

Create, set up, and reuse templates to make getting started with new projects a breeze!

In order to find templates that are relevant to you and your teams, you can now link project templates and create them directly from your team and repository "Projects" pages. This allows you to link relevant templates for quick and easy access the same way that you can link or create projects from these locations.

✍️ Tell us what you think!

We’ve got more improvements planned for project templates but we want to hear from you, so be sure to drop a note in the discussion and let us know how we can improve! Check out the documentation for more details.

Bug fixes and improvements

  • Improved the project collaborators suggestions to differentiate between teams and users
  • Fixed a bug where you could not download an empty project view with Export view data
  • Fixed a border contrast issue in the Workflows page

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.

Questions or suggestions? Join the conversation in the community discussion.

You can now see the list of recent jobs that Dependabot has run to check for updates and create or rebase pull requests directly from the repository-level dependency graph section of the insights tab. This list will show whether a job was successful, any error messages, and provide links to both the full logs for the job and any pull request affected by the job. This will give you more visibility into the Dependabot process and help you debug.

Learn more about troubleshooting Dependabot issues
