CodeQL scans on pull requests for C/C++ and Go now run incrementally, making them faster. Earlier this year, we released improved incremental analysis for CodeQL analysis of C#, Java, JavaScript/TypeScript, Python, and Ruby. We are now shipping the same improvements for C/C++ and Go, and are also adding incremental analysis to the CodeQL CLI.

Across more than 15,000 repositories, we classified repositories into three groups based on how long it takes to run a non-incremental scan:

  • Three minutes or less
  • Between three and seven minutes
  • Seven minutes or more

For these repositories, we measured the change in analysis time for incremental scans compared to traditional scans over a seven-day period. In each case, incremental scans showed a significant speed up.

Seven-day average speedup per language, split by non-incremental scan duration under three, between three and seven, over seven minutes. C/C++ 17%, 34%, 46%, Go 9%, 16%, 25%

This latest improvement to incremental analysis applies to repositories using code scanning with the default CodeQL query suite.

Incremental CodeQL analysis is enabled by default for all projects that are using the build mode none extraction mechanism in both default setup and advanced setup on github.com.

Beginning with version 2.25.5, CodeQL CLI also supports incremental analysis in third-party CI systems.