Code scanning: support for additional libraries and frameworks improves CodeQL analysis

CodeQL now supports more libraries and frameworks for a variety of languages (C++, JavaScript, Python,Java, Go). The CodeQL engine can now detect more sources of untrusted user data, which improves the quality and depth of the code scanning alerts. The libraries and frameworks that have been added and improved are listed below.

C/C++

JavaScript and TypeScript

Python

Improvements to Flask framework support
Improvements to Django support
Tornado web application framework

Java

Improvements to Google Guava libraries
Improvements to Apache Commons Lang libraries

Support for these libraries and frameworks has been deployed to GitHub.com. These improvements will also be available in GitHub Enterprise Server 3.1, which is due to be released in Q2.
Learn more about CodeQL and code scanning.

JUN.17Improvement
Secret scanning updates – June 2026
- Application Security
JUN.16Release
GitHub Code Quality generally available July 20, 2026
- Application Security
JUN.16Release
Organization-level enablement for GitHub Code Quality
- Application Security
JUN.10Improvement
Incremental analysis for Go, C/C++, and CodeQL CLI
- Application Security
JUN.10Improvement
Dedicated security review command now available in Copilot CLI
- Application Security
JUN.9Release
Periodic code scanning of inactive repositories
- Application Security
JUN.9Improvement
Security validation for third-party coding agents
- Application Security
JUN.5Improvement
CodeQL 2.25.6 adds Swift 6.3.2 support and improves C# coverage
- Application Security
JUN.2Release
Cloud and local sandboxes for GitHub Copilot now in public preview
- Application Security

Code scanning: support for additional libraries and frameworks improves CodeQL analysis

Related Posts

Subscribe to our developer newsletter