Rongchai Wang
Sep 03, 2025 09:30
GitHub’s CodeQL 2.22.4 release introduces Go 1.25 support, new security queries for Rust, and improved analysis accuracy, enhancing code scanning capabilities.
GitHub has released CodeQL 2.22.4, a significant update to its static analysis engine, which is instrumental in identifying and addressing security vulnerabilities in code. The latest version introduces support for Go 1.25, alongside a suite of enhancements aimed at boosting the accuracy and breadth of analysis capabilities, according to GitHub.
CodeQL’s newest version extends its support to Go 1.25, reflecting GitHub’s commitment to keeping pace with evolving programming languages. In addition, the update brings enhanced framework support for Rust, with improved models for popular libraries such as postgres, rusqlite, sqlx, and tokio-postgres. These enhancements are designed to refine query results, particularly those related to SQL injection and cleartext storage detection.
Furthermore, Java and Kotlin users will benefit from new library models for jakarta.servlet.ServletRequest and jakarta.servlet.http.HttpServletRequest method calls, expanding the remote flow sources available for analysis.
The update introduces a new security query for Rust, rust/cleartext-storage-database, aimed at identifying instances where sensitive data is stored in databases without encryption. This addition underscores GitHub’s focus on enhancing security measures within its code scanning tools.
Additional improvements have been made to C/C++ analysis, with the resolution of false positives in the cpp/overflow-buffer query. This fix is particularly relevant when the destination buffer type involves a reference to a class or struct type. For JavaScript and TypeScript, the js/regex-injection query has been adjusted to exclude environment variables as default sources.
All changes introduced in CodeQL 2.22.4 are automatically available to GitHub code scanning users on the platform. The update will also be integrated into GitHub Enterprise Server (GHES) version 3.19. Users operating on older GHES versions can manually upgrade to leverage the new features.
This release represents a strategic step by GitHub to enhance the security and reliability of its code scanning offerings, providing developers with more robust tools to protect their codebases from potential vulnerabilities.