GitHub Announces CodeQL Improvements
Written by Kay Ewbank   
Tuesday, 28 February 2023

GitHub has announced improvements to CodeQL, its semantic analysis engine. The improvements include support for new languages and the ability to perform deeper analyses of applications.

GitHub acquired the technology for CodeQL as part of its acquisition of Semmle. CodeQL is used by security research teams to perform semantic analysis of code, and was made open source by GitHub.


CodeQL works by building a database containing a relational representation of the code; queries are then run against that database to look for particular security problems. The queries encode the patterns of known security problems, and building those patterns takes time.

The improvements announced by GitHub include the full release of Ruby support for CodeQL, which was announced at GitHub Universe 2022. The developers have improved this support since the beta, with twice the number of default queries, out-of-the-box coverage for all Ruby-related OWASP categories, and better performance.

Kotlin support has also been added, though this is at the beta stage. CodeQL now natively supports Kotlin and mixed Java and Kotlin projects. Kotlin support is an extension of the existing Java support in CodeQL, and can be used for both mobile and server-side applications. The team plans to add support for Swift later this year.

The second part of the announcement concerns deeper analysis of security vulnerabilities in code. CodeQL comes with pre-constructed queries to detect security vulnerabilities, and the latest version includes 27 percent more security queries, with the option to enable even more with the extended query pack.

The final improvement is to the way CodeQL is used: CodeQL pack support has been added to code scanning, so developers can use CodeQL packs on GitHub.com and GitHub Enterprise, and checks that aren't relevant to your code base can be filtered out.
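As an added illustration of the configuration options this paragraph describes (this is an example written for this page, not code from GitHub's announcement), the following workflow and configuration file run CodeQL code scanning on a Ruby project, enable the extended query pack, pull in GitHub's published `codeql/ruby-queries` pack, and filter out one query. The query id `rb/example-query-id` is a placeholder to replace with the id of a check that is not relevant to your code base; the `test` directory exclusion is an assumed layout.

```yaml
# .github/workflows/codeql.yml  (added example, not from the announcement)
name: CodeQL
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # required to upload results to code scanning
      contents: read
    steps:
      - uses: actions/checkout@v3
      - uses: github/codeql-action/init@v2
        with:
          languages: ruby
          # The config file below selects query packs and filters checks
          config-file: ./.github/codeql/codeql-config.yml
      # Ruby is an interpreted language, so no build step is needed before analysis
      - uses: github/codeql-action/analyze@v2
---
# .github/codeql/codeql-config.yml  (added example, not from the announcement)
name: "Ruby security scan with extended queries"
queries:
  - uses: security-extended        # the extended query pack mentioned above
packs:
  - codeql/ruby-queries            # a CodeQL pack pulled in by code scanning
query-filters:
  - exclude:
      id: rb/example-query-id      # placeholder: id of a check to drop
paths-ignore:
  - test                           # assumed: skip test fixtures to cut noise
```

The workflow keeps `security-events: write` as the only write permission the job needs, so a compromised step cannot modify repository contents; the filter removes a single query by id rather than disabling a whole pack, which keeps the remaining coverage intact.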

CodeQL is available on GitHub.


More Information

GitHub code scanning

CodeQL

Related Articles

GitHub Code Scanning Now Uses Machine Learning

GitHub Strengthens Team Working

New From GitHub Universe

GitHub Launches Actions

Microsoft Buys GitHub - Get Ready For a Bigger Devil


Last Updated ( Tuesday, 28 February 2023 )