Back to updates

CodeQL - 1

2025 (9)

October (5)

github: Upcoming deprecation of CodeQL Action v3

GitHub

2025-10-28

GitHub released CodeQL Action v4 on October 7, 2025; v4 runs on the Node.js 24 runtime. CodeQL Action v3 will be deprecated at the same time as GitHub Enterprise Server (GHES) 3.19.

github: New public preview features in Copilot code review: AI reviews that see the full picture

GitHub

2025-10-28

GitHub announced new public preview features for Copilot code review that combine LLM detections and tool-calling with deterministic analyzers (for example ESLint and CodeQL) to produce smarter, more comprehensive reviews and enable a smooth handoff to the Copilot coding agent.

github: CodeQL 2.23.3 adds a new Rust query, Rust support, and easier C/C++ scanning

GitHub

2025-10-23

CodeQL 2.23.3 is a maintenance release for GitHub's static analysis engine that adds a new Rust query, improves Rust support, and makes C/C++ scanning easier, helping GitHub code scanning find and remediate security issues more effectively.

github: CodeQL scanning Rust and C/C++ without builds is now generally available

GitHub

2025-10-14

GitHub announced that CodeQL now generally supports scanning Rust projects and scanning C/C++ projects without requiring builds. Both features have exited public preview and are available in GitHub code scanning.

github: CodeQL 2.23.2 adds additional detections for Rust, and improves accuracy across languages

GitHub

2025-10-09

CodeQL 2.23.2 is a maintenance release for the static analysis engine used by GitHub code scanning. The release adds additional Rust security detections and improves analysis accuracy across multiple languages.

September (4)

github: CodeQL 2.23.1 adds support for Java 25, TypeScript 5.9 and Swift 6.1.3

GitHub

2025-09-26

CodeQL 2.23.1 is a new release of GitHub's static analysis engine that adds language support for Java 25, TypeScript 5.9, and Swift 6.1.3 to improve code scanning and security analysis.

github: Incremental security analysis with CodeQL is now available for all languages

GitHub

2025-09-23

GitHub announced that CodeQL analysis on pull requests is now incremental for Go, C#, C/C++ and Swift, meaning all CodeQL-supported languages now use the new incremental analysis to provide faster security scans and feedback.

github: CodeQL 2.23.0 adds support for Rust log injection and other security detection improvements

GitHub

2025-09-10

CodeQL 2.23.0 is a new release of GitHub's static analysis engine used by code scanning. The release adds explicit support for detecting Rust log injection and includes other security detection improvements to help find and remediate vulnerabilities.

github: CodeQL 2.22.4 adds support for Go 1.25 and accuracy improvements

GitHub

2025-09-03

GitHub released CodeQL 2.22.4 (2025-09-02), adding support for Go 1.25 and delivering accuracy improvements to its static analysis engine used by GitHub Code Scanning to find and remediate security issues.