CodeQL documentation

CodeQL 2.7.2 (2021-11-22)

This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.

Security Coverage

CodeQL 2.7.2 runs a total of 278 security queries when configured with the Default suite (covering 124 CWE). The Extended suite enables an additional 85 queries (covering 31 more CWE). 5 security queries have been added with this release.


Potentially Breaking Changes

  • The Java extractor now defaults to extracting all XML documents under 10MB in size, a change from the previous default of only extracting documents with particular well-known names (e.g. pom.xml). However, if the source tree contains more than 50MB of XML in total, it prints a warning and falls back to the old default behaviour. Set the environment variable LGTM_INDEX_XML_MODE to byname to get the old default behaviour, or all to extract all documents under 10MB regardless of total size.
  • The experimental command-line option --native-library-path that was introduced to support internal experiments has been removed.
  • The beta codeql pack publish command will now prevent accidental publishing of packages with pre-release version qualifiers. Pre-release versions are those that include a - after the major, minor, and patch versions, such as 1.2.3-dev. To publish such a version anyway, use the --allow-prerelease option.
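The first and third items above each describe a threshold the CLI applies silently (the 50MB total-XML fallback for the Java extractor, and the pre-release check in codeql pack publish). The following script is an added example, not part of the CodeQL documentation or the CodeQL CLI, that turns both rules into pre-flight checks you can run in CI before codeql database create or codeql pack publish. The environment variable LGTM_INDEX_XML_MODE, the 10MB/50MB limits and the "a - after major.minor.patch" rule come from the notes above; the function names, the qlpack.yml parsing, the exit codes and the sample files in the test are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not CodeQL's own code). Two pre-flight checks derived from the
# CodeQL 2.7.2 release notes:
#   1. estimate whether a Java source tree exceeds the 50MB total-XML limit, which
#      makes the extractor fall back to the old 'byname' default;
#   2. detect a pre-release version qualifier in a qlpack.yml before publishing.
# Function names and exit codes are assumptions of this example.

XML_PER_FILE_LIMIT=$((10 * 1024 * 1024))   # per-document limit from the notes (10MB)
XML_TOTAL_LIMIT=$((50 * 1024 * 1024))      # total-size fallback threshold (50MB)

# Total bytes of *.xml files under $1 that are individually under 10MB.
# Larger documents are never extracted, so they are not counted.
xml_total_bytes() {
  total=$(find "$1" -type f -name '*.xml' -size "-${XML_PER_FILE_LIMIT}c" \
            -exec cat '{}' + | wc -c)
  echo $((total))   # arithmetic expansion strips wc's whitespace padding
}

# Given a byte total, report which LGTM_INDEX_XML_MODE the 2.7.2 Java extractor
# effectively uses by default: 'all' while under the limit, 'byname' once the
# total exceeds 50MB.
default_xml_mode_for() {
  if [ "$1" -gt "$XML_TOTAL_LIMIT" ]; then
    echo byname
  else
    echo all
  fi
}

# Exit 0 when a version string carries a pre-release qualifier: a '-' directly
# after the major.minor.patch triple, e.g. 1.2.3-dev.
is_prerelease_version() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+-'
}

# Read the top-level 'version:' value from a qlpack.yml (first match only,
# trailing comments and surrounding quotes removed).
qlpack_version() {
  sed -n 's/^version:[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | head -n 1 | tr -d "\"'"
}

# Exit 0 if the pack described by $1 (a qlpack.yml path) can be published without
# --allow-prerelease, 1 if the 2.7.2 CLI would refuse it, 2 if no version is found.
publish_precheck() {
  version=$(qlpack_version "$1")
  if [ -z "$version" ]; then
    echo "no version: field found in $1" >&2
    return 2
  fi
  if is_prerelease_version "$version"; then
    echo "$version is a pre-release; codeql pack publish will refuse it unless --allow-prerelease is given" >&2
    return 1
  fi
  echo "$version is releasable"
  return 0
}

# Stand-alone usage: sh precheck.sh <java-source-dir> <path/to/qlpack.yml>
if [ "$#" -eq 2 ]; then
  total=$(xml_total_bytes "$1")
  echo "XML under $1: $total bytes -> default LGTM_INDEX_XML_MODE would be $(default_xml_mode_for "$total")"
  publish_precheck "$2"
fi
```

If the XML check reports byname and you want every document extracted regardless of total size, export LGTM_INDEX_XML_MODE=all in the environment of the codeql database create command; the script only predicts the default, it does not change it.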

Bug Fixes

  • Fixed an issue when using the --evaluator-log option where a NullPointerException could sometimes occur non-deterministically.
  • Fixed bugs observed when using indirect build tracing with a CodeQL distribution unpacked to a path containing spaces, or on Arch Linux.

New Features

  • CodeQL databases now contain metadata about how and when they were created. This can be found in the creationMetadata field of the codeql-database.yml file within the CodeQL database directory. More information may be added to this field in future releases.

© GitHub, Inc.