Back to updates

Code-Scanning - 1

2025 (11)

December (3)

github: CodeQL 2.23.7 and 2.23.8 add security queries for Go and Rust

GitHub

2025-12-18

GitHub released CodeQL versions 2.23.7 and 2.23.8, adding new security queries for Go and Rust. CodeQL is the static analysis engine used by GitHub Code Scanning and Code Quality to detect and help remediate code-quality and security issues.

github: Code scanning alert assignees are now generally available

GitHub

2025-12-16

GitHub has made code scanning alert assignees generally available. Teams can now assign individual code scanning alerts to specific people to create clear ownership and improve tracking and remediation of security vulnerabilities.

github: CodeQL 2.23.6 adds Swift 6.2.1 and new C# security queries

GitHub

2025-12-04

CodeQL 2.23.6 has been released, adding support for Swift 6.2.1 and introducing new C# security queries. CodeQL is the static analysis engine behind GitHub code scanning, used to find and remediate security issues. The announcement appeared on The GitHub Blog.

November (1)

github: Code scanning default setup bypasses GitHub Actions policy blocks

GitHub

2025-11-25

GitHub changed code scanning's default setup so it will run even when an organization enforces restrictive GitHub Actions policies that normally prevent certain workflows from running. Previously those policies could block the code scanning default setup.

October (3)

github: CodeQL 2.23.3 adds a new Rust query, Rust support, and easier C/C++ scanning

GitHub

2025-10-23

CodeQL 2.23.3 is a maintenance release for GitHub's static analysis engine that adds a new Rust query, improves Rust support, and makes C/C++ scanning easier, helping GitHub code scanning find and remediate security issues more effectively.

github: CodeQL scanning Rust and C/C++ without builds is now generally available

GitHub

2025-10-14

GitHub announced that CodeQL now generally supports scanning Rust projects and scanning C/C++ projects without requiring builds. Both features have exited public preview and are available in GitHub code scanning.

github: CodeQL 2.23.2 adds additional detections for Rust, and improves accuracy across languages

GitHub

2025-10-09

CodeQL 2.23.2 is a maintenance release for the static analysis engine used by GitHub code scanning. The release adds additional Rust security detections and improves analysis accuracy across multiple languages.

September (4)

github: CodeQL 2.23.1 adds support for Java 25, TypeScript 5.9 and Swift 6.1.3

GitHub

2025-09-26

CodeQL 2.23.1 is a new release of GitHub's static analysis engine that adds language support for Java 25, TypeScript 5.9, and Swift 6.1.3 to improve code scanning and security analysis.

github: Accelerate remediation with security campaigns and assignable alerts for code scanning and secret scanning

GitHub

2025-09-23

GitHub announced two enhancements to speed up remediation of security issues: expanding security campaigns to cover secret scanning alerts and adding assignable alerts for both code scanning and secret scanning so teams can assign ownership and track remediation.

github: CodeQL 2.23.0 adds support for Rust log injection and other security detection improvements

GitHub

2025-09-10

CodeQL 2.23.0 is a new release of GitHub's static analysis engine used by code scanning. The release adds explicit support for detecting Rust log injection and includes other security detection improvements to help find and remediate vulnerabilities.

github: CodeQL 2.22.4 adds support for Go 1.25 and accuracy improvements

GitHub

2025-09-03

GitHub released CodeQL 2.22.4 (2025-09-02), adding support for Go 1.25 and delivering accuracy improvements to its static analysis engine used by GitHub Code Scanning to find and remediate security issues.