CodeQL 2.6.2 (2021-09-21)¶
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.
Security Coverage¶
CodeQL 2.6.2 runs a total of 274 security queries when configured with the Default suite (covering 120 CWE). The Extended suite enables an additional 81 queries (covering 28 more CWE). 1 security query has been added with this release.
CodeQL CLI¶
Bug Fixes¶
- A bug where
codeql generate log-summarywould sometimes crash with aJsonMappingExceptionhas been fixed.
Documentation¶
- Documentation has been added detailing how to use the “indirect build tracing” feature, which is enabled by using the
--begin-tracingflag provided bycodeql database init. The new documentation can be found here. This feature was temporarily described as “sandwiched tracing” in the 2.6.0 release notes.
New Features¶
- The CodeQL CLI now counts the lines of code found under
--source-rootwhencodeql database initorcodeql database createis called. This information can be viewed later by either the newcodeql database print-baselinecommand or the new--print-baseline-locargument tocodeql database interpret-results. qlpack.ymlfiles now support an additional fieldincludein which glob patterns of additional files that should be included (or excluded) when creating a given CodeQL pack can be specified.- QL packs created by the experimental
codeql pack createcommand will now include some information about the build in a newbuildMetadatafield of theirqlpack.ymlfile. codeql database createnow supports the same flags ascodeql database initfor automatically recognizing the languages present in checkouts of GitHub repositories:--github-urlaccepts the URL of a custom GitHub instance (previously onlygithub.comwas supported).--github-auth-stdinallows a personal access token to be provided through standard input (previously only theGITHUB_TOKENenvironment variable was supported).