GitHub Announces CodeQL Improvements
Written by Kay Ewbank   
Tuesday, 28 February 2023

GitHub has announced improvements to CodeQL, its semantic analysis engine. The improvements include support for new languages and the ability to perform deeper analyses of applications.

GitHub acquired the technology for CodeQL as part of the acquisition of Semmie. CodeQL is used by security research teams to perform semantic analysis of code, and was made open source by GitHub..

codeqlsq

 

CodeQL works by building a database that contains a relational representation of the code, then queries are run on the database to look for particular security problems. The queries are based on the patterns of known security problems, and building the patterns takes time.

The improvements announced by GitHub include the full release of Ruby support for CodeQL which was announced at GitHub Universe 2022. The developers have improved this support since the beta, with twice the number of default queries, coverage for all Ruby-related OWASP categories out-of-the-box, and a better performance.

Kotlin support has also been added, though this is at the beta stage. CodeQL now natively supports Kotlin and mixed Java and Kotlin projects. Kotlin support is an extension of the existing Java support in CodeQL, and can be used for both mobile and server-side applications. The team plans to add support for Swift later this year.

The second part of the announcement concerns deeper analysis of security vulnerabilities in code. CodeQL comes with pre-constructed queries to detect security vulnerabilities, and the latest version includes 27 percent more security queries, with the option to enable even more with the extended query pack.

The final improvement is to the way CodeQL is used, with the addition of CodeQL pack support to code scanning so developers can use CodeQL packs in GitHub.com and GitHub Enterprise, and the option of filtering out checks that aren't relevant to your code base.

CodeQL is available on GitHub.

.

qlicon

.

 

More Information

GitHub code scanning

CodeQL

Related Articles

GitHub Code Scanning Now Uses Machine Learning

GitHub Strengthens Team Working

New From GitHub Universe

GitHub Launches Actions

Microsoft Buys GitHub - Get Ready For a Bigger Devil

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner

Pg_lakehouse Makes PostgreSQL Quack
08/07/2024

Pg_Lakehouse from ParadeDB is an extension that turns PostgreSQL into the analytical engine of DuckDB. Why is that useful? How do you use it?


+ Full Story
BusyBeaver(5) Is 47,176,870
03/07/2024

The thing about the BusyBeaver function is that it is very easy to understand, but very difficult to compute. We now know its value up to 5, which isn't much progress for more than 50 years work.


+ Full Story
More News

kotlin book

 

Comments




or email your comment to: comments@i-programmer.info
Last Updated ( Tuesday, 28 February 2023 )