CodeQL is the static analysis engine that powers GitHub code scanning. CodeQL version 2.17.1
has been released and has now been rolled out to code scanning users on GitHub.com.
CodeQL code scanning now supports automatic fix suggestions for C# alerts on pull requests, powered by Copilot. This is automatically enabled for all private repositories for all GitHub Advanced Security customers. For the first time, autofix covers nearly all security queries for a language, with 49 supported queries for C# from our Default and Extended suites. Use our public discussion for questions and feedback.
Also included in this release:
- Over 13,000 new models have been added to improve Java coverage. The models can results in alerts being both introduced as well as removed.
- Two new queries have been added for Ruby:
rb/insecure-mass-assignment
detects instances of mass assignment operations accepting arbitrary parametersrb/csrf-protection-not-enabled
detects cases where Cross-Site Request Forgery protection is not enabled in Ruby on Rails controllers- Results created using
PathGraph
now produce information about the models used for each flow step.
For a full list of changes, please refer to the complete changelog for version 2.17.1. All new functionality will also be included in GHES 3.13. Users of GHES 3.12 or older can upgrade their CodeQL version.