GitHub Announces CodeQL Improvements |
Written by Kay Ewbank |
Tuesday, 28 February 2023 |
GitHub has announced improvements to CodeQL, its semantic analysis engine. The improvements include support for new languages and the ability to perform deeper analyses of applications. GitHub acquired the technology for CodeQL as part of the acquisition of Semmie. CodeQL is used by security research teams to perform semantic analysis of code, and was made open source by GitHub..
CodeQL works by building a database that contains a relational representation of the code, then queries are run on the database to look for particular security problems. The queries are based on the patterns of known security problems, and building the patterns takes time. The improvements announced by GitHub include the full release of Ruby support for CodeQL which was announced at GitHub Universe 2022. The developers have improved this support since the beta, with twice the number of default queries, coverage for all Ruby-related OWASP categories out-of-the-box, and a better performance. Kotlin support has also been added, though this is at the beta stage. CodeQL now natively supports Kotlin and mixed Java and Kotlin projects. Kotlin support is an extension of the existing Java support in CodeQL, and can be used for both mobile and server-side applications. The team plans to add support for Swift later this year. The second part of the announcement concerns deeper analysis of security vulnerabilities in code. CodeQL comes with pre-constructed queries to detect security vulnerabilities, and the latest version includes 27 percent more security queries, with the option to enable even more with the extended query pack. The final improvement is to the way CodeQL is used, with the addition of CodeQL pack support to code scanning so developers can use CodeQL packs in GitHub.com and GitHub Enterprise, and the option of filtering out checks that aren't relevant to your code base. CodeQL is available on GitHub. . .
More InformationRelated ArticlesGitHub Code Scanning Now Uses Machine Learning GitHub Strengthens Team Working Microsoft Buys GitHub - Get Ready For a Bigger Devil
To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.
Comments
or email your comment to: comments@i-programmer.info |
Last Updated ( Tuesday, 28 February 2023 ) |