CodeQL 2.22.0 Enhances Go Coverage and Supports Swift 6.1.2

GitHub has announced the release of CodeQL version 2.22.0, the latest iteration of its static analysis engine designed to bolster code security through comprehensive scanning. CodeQL is an integral component of GitHub’s code scanning framework, identifying and addressing security vulnerabilities within codebases. This update, as detailed by GitHub, brings significant improvements, particularly for developers working with Go and Swift.

Enhancements for Go

The new release introduces a specialized query for the Go programming language, named go/html-template-escaping-bypass-xss. This query is specifically designed to detect potential cross-site scripting (XSS) vulnerabilities associated with the html/template package. By doing so, CodeQL enhances its capacity to secure Go applications by identifying risks that could potentially be exploited to execute malicious scripts.

Support for Swift 6.1.2

In addition to the enhancements for Go, CodeQL 2.22.0 extends its analytical capabilities to applications developed with Swift 6.1.2. This inclusion aligns with GitHub’s commitment to support a wide range of programming languages, ensuring that developers using the latest Swift version can benefit from CodeQL’s robust security analysis.

For developers seeking detailed information on the full spectrum of updates and improvements in this release, GitHub provides a comprehensive changelog. This document outlines all modifications, ensuring users can fully leverage the new features and optimizations offered by CodeQL 2.22.0.

Deployment and Upgrade Options

All new features of CodeQL 2.22.0 are automatically available to GitHub code scanning users on github.com. Additionally, these enhancements are set to be included in the upcoming GitHub Enterprise Server (GHES) version 3.19. For enterprises operating on older GHES versions, GitHub allows manual upgrades of the CodeQL version, ensuring that all users can access the latest security tools irrespective of their server configuration.

For further insights, users are encouraged to visit the official GitHub announcement on the GitHub blog.

Image source: Shutterstock