CodeQL is the static analysis engine that powers GitHub code scanning. CodeQL version 2.16.4
has been released and has now been rolled out to code scanning users on GitHub.com.
CodeQL code scanning now supports automatic fix suggestions for Java alerts on pull requests, powered by Copilot. This is automatically enabled for all current autofix preview participants. You can sign up for the preview here and use our public discussion for questions and feedback.
The number of generated autofixes is now also shown in a dedicated security overview tile.
Furthermore, this release
- adds support for C# 12 and .NET 8,
- adds support for Go 1.22 and improves file coverage of Go analyses for certain project setups,
- adds a new Java query that flags keys used for biometric authentication that are generated in an insecure way, and
- enables the NoSQL injection query for Python by default.
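The vulnerability class that the Python NoSQL injection query looks for is untrusted input flowing unchecked into a MongoDB query filter, typically via pymongo's `find_one(filter)`. The following is an added example, not code from the CodeQL project or from this announcement: it shows a login handler that is vulnerable to operator injection beside a hardened version. To keep it runnable offline, a small in-memory matcher supporting equality plus the `$ne` and `$gt` operators stands in for pymongo; the `USERS` collection and request bodies are constructed sample data.

```python
"""MongoDB operator injection through a Python login handler.

Constructed example. ``find_one`` below is an in-memory stand-in for
pymongo's ``collection.find_one(filter)``; no database is required.
"""
import json
from typing import Any, Dict, Optional

# Constructed sample "users" collection.
USERS = [
    {"username": "admin", "password": "s3cr3t-admin", "role": "admin"},
    {"username": "alice", "password": "alice-pw", "role": "user"},
]


def match_filter(doc: Dict[str, Any], flt: Dict[str, Any]) -> bool:
    """Minimal imitation of MongoDB filter matching: plain equality plus the
    $ne and $gt operators, which is enough to show how an injected operator
    object changes the meaning of the query."""
    for field, cond in flt.items():
        value = doc.get(field)
        if isinstance(cond, dict):  # operator expression, e.g. {"$ne": ""}
            for op, arg in cond.items():
                if op == "$ne":
                    if value == arg:
                        return False
                elif op == "$gt":
                    if not (isinstance(value, str) and isinstance(arg, str) and value > arg):
                        return False
                else:
                    raise ValueError(f"unsupported operator {op}")
        elif value != cond:
            return False
    return True


def find_one(flt: Dict[str, Any]) -> Optional[Dict[str, Any]]:
    """Stand-in for pymongo's collection.find_one(filter)."""
    for doc in USERS:
        if match_filter(doc, flt):
            return doc
    return None


def login_vulnerable(body: str) -> Optional[Dict[str, Any]]:
    """Vulnerable: the parsed JSON values go straight into the filter, so a
    client can send {"password": {"$ne": ""}} instead of a string and match
    any document whose password is non-empty."""
    data = json.loads(body)
    flt = {"username": data["username"], "password": data["password"]}
    return find_one(flt)  # in real code: users.find_one(flt)


def login_fixed(body: str) -> Optional[Dict[str, Any]]:
    """Hardened: both credentials must be plain strings. Dicts, lists and
    numbers are rejected before they can reach the query filter."""
    data = json.loads(body)
    username, password = data.get("username"), data.get("password")
    if not isinstance(username, str) or not isinstance(password, str):
        raise ValueError("credentials must be strings")
    return find_one({"username": username, "password": password})


if __name__ == "__main__":
    injected = '{"username": "admin", "password": {"$ne": ""}}'
    print("vulnerable:", login_vulnerable(injected))  # matches admin
    try:
        login_fixed(injected)
    except ValueError as exc:
        print("fixed:", exc)
```

In the real application the sink is a pymongo call and the source is a request body; type-checking the values (or, for frameworks that parse query strings into nested objects, flattening them to strings) is what removes the operator-injection path.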
For a full list of changes, please refer to the complete changelog for version 2.16.4. All new functionality will also be included in GHES 3.13. Users of GHES 3.12 or older can upgrade their CodeQL version.