CodeQL 2.18.1: Kotlin & Swift mobile support is generally available, TypeScript 5.5 support, C# build-mode: none public beta

CodeQL is the static analysis engine that powers GitHub code scanning. CodeQL version 2.18.1 has been released and has now been rolled out to code scanning users on GitHub.com.

Important changes by version include:

• For CodeQL 2.17.6:
  • C# can now use build-mode: none, which allows scanning C# code without requiring working builds.
• For CodeQL 2.18.0:
  • Support for TypeScript 5.5.
• For CodeQL 2.18.1:
  • Kotlin & Swift support for mobile applications is now generally available.
  • Java build-mode: none analyses now only report a warning on the tool status page when significant analysis problems are detected.
  • Two new JavaScript queries js/functionality-from-untrusted-domain has been added to detect usage of scripts from untrusted domains, including polyfill.io content delivery network and js/insecure-helmet-configuration to detect instances where important Helmet security features are disabled.
  • The precision of cpp/iterator-to-expired-container & cpp/unsafe-strncat have been increased to high. They have been moved to the default query suite.

For a full list of changes, please refer to the complete changelog for versions 2.17.6, 2.18.0, and 2.18.1. All new functionality will be included in GHES 3.15. Users of GHES 3.14 or older can upgrade their CodeQL version.