CodeQL documentation

CodeQL 2.5.0 (2021-03-26)

This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.

Security Coverage

CodeQL 2.5.0 runs a total of 239 security queries when configured with the Default suite (covering 108 CWE). The Extended suite enables an additional 79 queries (covering 26 more CWE). 2 security queries have been added with this release.

CodeQL CLI

Potentially Breaking Changes

  • By default, codeql test now performs additional compiler checks when extracting test code written in Java. Existing Java tests that previously passed may therefore fail due to this change, if they do not compile using the javac compiler. To allow time to migrate existing tests, the new behavior can be disabled by setting the environment variable CODEQL_EXTRACTOR_JAVA_FLOW_CHECKS=false.

New Features

  • Log files that contain output from build processes now prefix it with [build-stdout] and [build-stderr] instead of [build] and [build-err]. The old [build-err] prefix in particular was sometimes mistaken for an error reported by CodeQL itself rather than a line the build wrote to standard error.

QL Language

  • The QL language now recognizes new pragma[only_bind_into](...) and pragma[only_bind_out](...) annotations on expressions. Advanced users may use these annotations to provide hints to the compiler to influence binding behavior and thus indirectly performance.
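
The following is an added illustration of the new annotation syntax; it is not code from the CodeQL documentation or the standard library. It assumes a Java database (`import java`) and reads the two pragmas as follows, which is an assumption about their semantics rather than something this release note states: `pragma[only_bind_out](e)` lets the compiler use an already-bound `e` to bind the other side of an equality but not the reverse, and `pragma[only_bind_into](e)` allows only the reverse direction. Whether either hint actually helps depends on the evaluator's join order, so compare the evaluator log with and without the pragma before keeping it.

```ql
import java

/**
 * Holds if `m` and `n` are distinct methods declared in the same class
 * that share a name, i.e. `m` is an overload of `n`.
 *
 * `n` is bound by the declaring-type join before its name is needed, so the
 * pragma asks the compiler to use `n.getName()` only to bind `m.getName()`
 * and never to bind `n` from `m` through this equality.
 * (Assumed reading of only_bind_out; not stated by the release note.)
 */
predicate overloads(Method m, Method n) {
  m != n and
  n.getDeclaringType() = m.getDeclaringType() and
  m.getName() = pragma[only_bind_out](n.getName())
}

/**
 * Same relation with the hint in the opposite direction: the equality may
 * only be used to bind into `n.getName()` from an already-bound `m.getName()`.
 * (Assumed reading of only_bind_into; not stated by the release note.)
 */
predicate overloadedBy(Method m, Method n) {
  m != n and
  m.getDeclaringType() = n.getDeclaringType() and
  pragma[only_bind_into](n.getName()) = m.getName()
}

from Method m, Method n
where overloads(m, n)
select m, "overloads " + n.getName() + " in " + n.getDeclaringType().getName()
```

Both predicates compute the same set of pairs; the pragmas change only which side of the equality the compiler may use to bind the other, which is why the release note describes their effect on performance as indirect. A query that still compiles and returns identical results with the pragma removed is the sanity check that the annotation has not silently changed the relation.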