CodeQL is the static analysis engine behind GitHub code scanning, which finds security issues in your code and helps you remediate them. We have released CodeQL 2.22.1, which brings Rust support to public preview, expands framework modeling, and improves the accuracy of some queries.

Language & framework support

  • Rust: Rust language support is now available in public preview. You can start analyzing Rust projects with CodeQL.
  • C/C++: Added data-flow models for the popular libraries zlib, brotli, libidn2, libssh2, nghttp2, libuv, and curl, so that taint tracking can follow untrusted data through calls into these libraries instead of losing it at the library boundary. This improves detection of vulnerabilities in codebases that use them.

Query changes

  • JavaScript/TypeScript: Removed encodeURI and escape from the sanitizer list for the request forgery queries. Neither function encodes the URI-reserved characters that let attacker-controlled input change the target of an outbound request (encodeURI leaves ; , / ? : @ & = + $ # unencoded; escape leaves @ * _ + - . / unencoded), so data passing through them is now still treated as tainted and code that relied on them as a sole defense may produce new alerts.
  • JavaScript/TypeScript: The JavaScript extractor now automatically skips generated JavaScript files when the TypeScript source they were compiled from is present, as well as files in output directories specified in tsconfig.json (for example outDir). This avoids analyzing the same code twice and reporting duplicate alerts against compiled output.
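To show concretely why encodeURI and escape are no longer trusted as sanitizers, the following is an added example (not code from the CodeQL release or its query suite). It builds an outbound request URL from a user-supplied identifier three ways: with encodeURI and escape (the patterns the queries now flag), with encodeURIComponent, and with an allow-list plus a post-construction check using the URL parser. The base URL, function names and the traversal payload are constructed for illustration.

```javascript
// Constructed base URL for an internal API that a server-side handler calls on
// behalf of the user. A request-forgery sink is any place userId reaches fetch().
const BASE = "https://api.example.internal/v1/users/";

// "Before": relies on encodeURI as a sanitizer. encodeURI leaves the reserved
// characters ; , / ? : @ & = + $ # untouched, so "../" and "?" survive and can
// move the request to a different path and add a query string.
function buildUrlWithEncodeURI(userId) {
  return BASE + encodeURI(userId);
}

// "Before": relies on the legacy escape(). It does encode "?" and "=", but
// leaves @ * _ + - . / untouched, so path traversal still works.
function buildUrlWithEscape(userId) {
  return BASE + escape(userId);
}

// "After": encodeURIComponent encodes everything outside A-Z a-z 0-9 - _ . ! ~ * ' ( ),
// so "/" becomes %2F and "?" becomes %3F; the value stays a single path segment.
function buildUrlWithEncodeURIComponent(userId) {
  return BASE + encodeURIComponent(userId);
}

// Stricter: allow-list the expected shape, then let the URL parser prove the
// resolved request still targets the intended origin and path prefix.
function buildUrlAllowListed(userId) {
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(userId)) {
    throw new Error("invalid user id");
  }
  const url = new URL(userId, BASE);
  const base = new URL(BASE);
  if (url.origin !== base.origin || !url.pathname.startsWith(base.pathname)) {
    throw new Error("request escaped intended endpoint");
  }
  return url.href;
}

// Check used by the demonstration: after URL normalization, does the request
// still sit under the intended origin and prefix, with no query or fragment?
function staysOnEndpoint(href) {
  const u = new URL(href);
  return (
    u.origin === "https://api.example.internal" &&
    u.pathname.startsWith("/v1/users/") &&
    u.search === "" &&
    u.hash === ""
  );
}

// Constructed attacker input: climbs out of /v1/users/ and appends a query.
const PAYLOAD = "../../admin?role=root";

function demo() {
  return {
    encodeURI: staysOnEndpoint(buildUrlWithEncodeURI(PAYLOAD)),            // false
    escape: staysOnEndpoint(buildUrlWithEscape(PAYLOAD)),                  // false
    encodeURIComponent: staysOnEndpoint(buildUrlWithEncodeURIComponent(PAYLOAD)), // true
  };
}
```

The point the query change encodes: a taint step through encodeURI or escape does not stop an attacker from retargeting the request, so treating those calls as sanitizers hid real findings. Either encode the value as a single component or, better, validate it against the shape you expect and verify the resolved URL before sending.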

For a full list of changes, see the CodeQL 2.22.1 changelog.

Every new version of CodeQL is automatically deployed to users of GitHub code scanning on github.com. The new features in CodeQL 2.22.1 will be included in GitHub Enterprise Server (GHES) 3.19. If you use an older version of GHES, you can manually upgrade your CodeQL version.