After adding support for Ruby at GitHub Universe 2022, CodeQL introduced Kotlin support in beta. Support for other languages has also been extended to cover more recent language versions. In addition, GitHub has extended the available queries to fully cover several industry-standard vulnerability classifications, and has improved the CodeQL ecosystem.
CodeQL powers GitHub semantic code scanning. Originally developed by Semmle, CodeQL extracts a codebase into a queryable database and lets you write queries to find, triage, and prioritize fixes, including for security issues such as remote code execution (RCE), SQL injection, and cross-site scripting (XSS). CodeQL comes with a library of ready-to-use open-source queries that identify coding patterns matching known vulnerabilities and their variants.
The use of queries might sound complex, but we make it easy by providing out-of-the-box queries, written and curated by GitHub researchers and community security researchers, covering everything from the most critical to common vulnerabilities.
Kotlin support is an extension of the existing Java support: Kotlin code is extracted into the same database schema, so the existing Java queries apply to it, and a number of Android-specific queries covering intents, fragments, and WebView validation have been added.
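As an added illustration (not code from the original page or from GitHub's own query suite), here is a small CodeQL query of the kind the Android-specific queries perform, written against the shared Java/Kotlin library (`import java`). It flags a WebView on which JavaScript is enabled in the same method that also calls `loadUrl`, a common starting point for WebView review. The query never mentions Kotlin: a Kotlin line such as `webView.settings.javaScriptEnabled = true` is assumed here to be represented by the extractor as a call to the `setJavaScriptEnabled` setter, so it matches the same `MethodAccess` class as the equivalent Java call. The `@id` and the message text are made up for this example.

```ql
/**
 * @name WebView with JavaScript enabled loads a URL in the same method
 * @description Enabling JavaScript on a WebView that loads URLs widens the
 *              attack surface (e.g. injected script, JavaScript interfaces).
 *              Hypothetical example query, not part of the CodeQL standard pack.
 * @kind problem
 * @problem.severity warning
 * @id example/android/webview-javascript-enabled
 * @tags security
 */

import java

/**
 * A call to `android.webkit.WebSettings.setJavaScriptEnabled(true)`.
 * Kotlin's `settings.javaScriptEnabled = true` is assumed to be lowered to
 * this setter call by the extractor, so it is matched too.
 */
class EnableJavaScript extends MethodAccess {
  EnableJavaScript() {
    this.getMethod().hasName("setJavaScriptEnabled") and
    this.getMethod().getDeclaringType().hasQualifiedName("android.webkit", "WebSettings") and
    this.getArgument(0).(BooleanLiteral).getBooleanValue() = true
  }
}

/** A call to `android.webkit.WebView.loadUrl(...)`. */
class LoadUrl extends MethodAccess {
  LoadUrl() {
    this.getMethod().hasName("loadUrl") and
    this.getMethod().getDeclaringType().hasQualifiedName("android.webkit", "WebView")
  }
}

// Report each JavaScript-enabling call that shares an enclosing method
// (or constructor) with a loadUrl call; the $@ placeholder links the
// loadUrl location into the alert message.
from EnableJavaScript enable, LoadUrl load
where enable.getEnclosingCallable() = load.getEnclosingCallable()
select enable,
  "JavaScript is enabled on a WebView in the same method that calls $@.",
  load, "loadUrl"
```

Saved as `WebViewJavaScript.ql` inside a query pack that depends on `codeql/java-all`, the query runs against a Java or Kotlin database with `codeql database analyze <database> WebViewJavaScript.ql --format=sarif-latest --output=results.sarif`. A stricter version would replace the "same enclosing callable" heuristic with a data-flow check from an untrusted source (for example an Intent extra) to the `loadUrl` argument.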
Kotlin marks our first investment in mobile application security, and beta support for Swift will be coming later this year.
As mentioned, existing support for other languages has been extended to fully support Java 19, Go 1.19, and Python 3.11.
To make CodeQL more effective, GitHub has extended its collection of queries: 318 security queries now run by default, and the count can be raised to 432 with a query pack. CodeQL can be used alongside Dependabot alerts to increase the coverage of your code with respect to several vulnerability classifications: all applicable OWASP categories, the SANS/CWE Top 25 most dangerous software errors, and 100% of the applicable Web Application Security Consortium (WASC) categories.
Other improvements to the CodeQL experience include CodeQL pack support on GitHub.com and GitHub Enterprise, support for query customization and filtering, and a 16% increase in analysis speed.
As a final note, GitHub is also providing access to stored CodeQL databases for popular open source projects. A CodeQL database is a relational representation of a codebase that includes its abstract syntax tree, data flow graph, and control flow graph. Security researchers can run queries against those databases for variant analysis: once a vulnerability has been found in one codebase, the query that detects it can be run unchanged across other databases to find similar problems elsewhere.