CodeQL scans on pull requests for C#, Java, JavaScript/TypeScript, Python, and Ruby are now incremental, making them faster. Earlier this year, we sped up scans during pull requests with CodeQL by approximately 20% by analyzing only new or changed code. We are now further improving the performance of CodeQL incremental analysis by generating a CodeQL database to represent your new or changed code introduced in pull requests and combining it with a cached database for your entire codebase.

Across more than 100,000 repositories, we classified repositories into three groups based on how long it takes to run a non-incremental scan:

  • Less than three minutes
  • Between three and seven minutes
  • Over seven minutes

Based on that classification, here’s the average per-language speedup we observed on scan times over a seven-day period:
Seven-day average speedup per language, split by non-incremental scan duration (under three minutes, between three and seven minutes, over seven minutes):

  • Java: 22%, 32%, 51%
  • C#: 4%, 6%, 8%
  • JavaScript/TypeScript: 29%, 47%, 70%
  • Python: 11%, 57%, 70%
  • Ruby: 10%, 43%, 63%

This latest improvement to incremental analysis applies only to those using the default CodeQL query suite.

Incremental analysis is enabled by default for C#, Java, JavaScript/TypeScript, Python, and Ruby projects that use the build mode "none" extraction mechanism, in both default setup and advanced setup on github.com.

CodeQL CLI will receive support for incremental scanning at a later date.