GitHub Announces CodeQL Improvements
Written by Kay Ewbank   
Tuesday, 28 February 2023

GitHub has announced improvements to CodeQL, its semantic analysis engine. The improvements include support for new languages and the ability to perform deeper analyses of applications.

GitHub acquired the technology for CodeQL as part of the acquisition of Semmie. CodeQL is used by security research teams to perform semantic analysis of code, and was made open source by GitHub..

codeqlsq

 

CodeQL works by building a database that contains a relational representation of the code, then queries are run on the database to look for particular security problems. The queries are based on the patterns of known security problems, and building the patterns takes time.

The improvements announced by GitHub include the full release of Ruby support for CodeQL which was announced at GitHub Universe 2022. The developers have improved this support since the beta, with twice the number of default queries, coverage for all Ruby-related OWASP categories out-of-the-box, and a better performance.

Kotlin support has also been added, though this is at the beta stage. CodeQL now natively supports Kotlin and mixed Java and Kotlin projects. Kotlin support is an extension of the existing Java support in CodeQL, and can be used for both mobile and server-side applications. The team plans to add support for Swift later this year.

The second part of the announcement concerns deeper analysis of security vulnerabilities in code. CodeQL comes with pre-constructed queries to detect security vulnerabilities, and the latest version includes 27 percent more security queries, with the option to enable even more with the extended query pack.

The final improvement is to the way CodeQL is used, with the addition of CodeQL pack support to code scanning so developers can use CodeQL packs in GitHub.com and GitHub Enterprise, and the option of filtering out checks that aren't relevant to your code base.

CodeQL is available on GitHub.

.

qlicon

.

 

More Information

GitHub code scanning

CodeQL

Related Articles

GitHub Code Scanning Now Uses Machine Learning

GitHub Strengthens Team Working

New From GitHub Universe

GitHub Launches Actions

Microsoft Buys GitHub - Get Ready For a Bigger Devil

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


Personal Picks For Holiday Gifts
29/11/2024

It's Black Friday, the traditional day to indulge in online shopping. Not every item that is included in my selection of gifts is subject to a promotional offer, but where they aren't you might be poi [ ... ]



Eclipse IoT Developer Survey 2024
04/12/2024

The Eclipse Foundation’s IoT Working Group has released the results of its 2024 IoT Developer Survey. Industrial automation and automotive are now the leading industry sectors and connectivity is th [ ... ]


More News

espbook

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Tuesday, 28 February 2023 )