Code scanning: deprecation of CodeQL Action v2

On December 13, 2023, we released CodeQL Action v3, which runs on the Node.js 20 runtime. CodeQL Action v2 will be deprecated at the same time as GHES 3.11, which is currently scheduled for December 2024.

How does this affect me?

Default setup

Users of code scanning default setup do not need to take any action in order to automatically move to CodeQL Action v3.

Advanced setup

Users of code scanning advanced setup need to change their workflow files in order to start using CodeQL Action v3.

Users of GitHub.com and GitHub Enterprise Server 3.12 (and newer)

All users of GitHub code scanning (which by default uses the CodeQL analysis engine) on GitHub Actions on the following platforms should update their workflow files:

  • GitHub.com (including open source repositories, users of GitHub Teams and GitHub Enterprise Cloud)
  • GitHub Enterprise Server (GHES) 3.12 (and newer)

Users of the above-mentioned platforms should update their CodeQL workflow file(s) to refer to the new v3 version of the CodeQL Action. Note that the upcoming release of GitHub Enterprise Server 3.12 will ship with v3 of the CodeQL Action included.

Users of GitHub Enterprise Server 3.11

While GHES 3.11 does support Node 20 Actions, it does not ship with CodeQL Action v3. Users who want to migrate to v3 on GHES 3.11 should request that their system administrator enables GitHub Connect to download v3 onto GHES before updating their workflow files.

Users of GitHub Enterprise Server 3.10 (and older)

GHES 3.10 (and earlier) does not support running Actions using the Node 20 runtime and is therefore unable to run CodeQL Action v3. Please upgrade to a newer version of GitHub Enterprise Server prior to changing your CodeQL Action workflow files.

Exactly what do I need to change?

To upgrade to CodeQL Action v3, open your CodeQL workflow file(s) in the .github directory of your repository and look for references to:

  • github/codeql-action/init@v2
  • github/codeql-action/autobuild@v2
  • github/codeql-action/analyze@v2
  • github/codeql-action/upload-sarif@v2

These entries need to be replaced with their v3 equivalents:

  • github/codeql-action/init@v3
  • github/codeql-action/autobuild@v3
  • github/codeql-action/analyze@v3
  • github/codeql-action/upload-sarif@v3

Can I use Dependabot to help me with this upgrade?

Yes, you can! For more details on how to configure Dependabot to automatically upgrade your Actions dependencies, please see this page.

What happens in December 2024?

In December 2024, CodeQL Action v2 will be officially deprecated (at the same time as the GHES 3.11 deprecation). At that point, no new updates will be made to CodeQL Action v2, which means that new CodeQL analysis capabilities will only be available to users of CodeQL Action v3. We will keep a close eye on the migration progress across GitHub. If many workflow files still refer to CodeQL Action v2, we might consider scheduling one or more brownout moments later in the year to increase awareness.

GitHub Copilot Chat now generally available for organizations and individuals

Recently, we announced that GitHub Copilot Chat in IDEs is now generally available for both Visual Studio Code and Visual Studio, and is included in all GitHub Copilot plans alongside the original GitHub Copilot productivity boosting code completion capabilities. It is also available at no cost to verified teachers, students, and maintainers of popular open source projects. As of now, GitHub Copilot Chat is still in the private beta for JetBrains IDEs.

If you’ve been using Copilot Chat in public beta or have already provided access to your development team, no additional actions are required. There’s also no need to install any additional extensions; Copilot chat extension is bundled together with the Copilot extension.

Enterprise and organization administrators can grant their development teams access to Copilot Chat by enabling the Copilot Chat setting for their users.

Please check out our guide for getting started with Copilot chat.

Looking forward to hearing about how you’re putting it to use!

Join the discussion within GitHub Community.

See more

The new year brings new features and improvements for the Copilot Enterprise! 🎆 These changes are focused on streamlined onboarding and ease of use.

As a reminder, Copilot Enterprise is currently in limited public beta. Enterprises can request access by signing up to the waitlist.

Semantic search can be enabled on any repository

Developers in an enterprise with access to Copilot Enterprise can now enable semantic search on a repository through the click of a button. Once a repository is indexed, Copilot has a much improved understanding of the code base in that repository and can answer questions via Copilot Chat in GitHub.com.

Create docsets to access your company’s critical knowledge

Organizations with documentation hosted in GitHub repos and written in Markdown (.md, .mdx) can now create “docsets” and enable developers in those organizations to access that critical knowledge via Copilot Chat in GitHub.com.

To get started, admins can create a docset, including the repositories that contain Markdown documentation.

Members of the corresponding organization can start to ask questions about the documentation by selecting the docset from Copilot’s “New conversation” UI in GitHub.com.

An organization can have multiple docsets – so, for example, an admin could create a docset for each team with the repositories that are relevant to them.

Introducing Copilot chat for pull request diffs

Developers are now be able to ask Copilot Chat questions about diffs on GitHub.com. To see this in action, simply navigate to a diff and use one of the following two entry points:

  1. Select some of the lines in the diff, and click on the icon on the right. You can click “Explain” to ask Copilot to explain those lines.
  2. You can also ask Copilot to chat about an entire file in the diff by clicking on the three dots at the top-right of the file in the diff. Click on “Ask Copilot about this diff” to start chatting about it.

Improved onboarding and discoverability

  • Enterprise admins have now access to improved onboarding as they enable Copilot Enterprise within their enterprise.
  • GitHub Copilot on GitHub.com can now be accessed via the search bar.
See more