Improvement

July 3, 2025 · 1 minute read

CodeQL 2.22.1 brings Rust support to public preview

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.22.1, which brings Rust support to public preview, expands framework modeling, and improves accuracy for some queries.

Language & framework support

  • Rust: Rust language support is now available in public preview. You can start analyzing Rust projects with CodeQL.
  • C/C++: Added flow models for the popular libraries zlib, brotli, libidn2, libssh2, nghttp2, libuv, and curl. This results in improved detection of vulnerabilities in codebases using these libraries.

Query changes

  • JavaScript/TypeScript: Removed encodeURI and escape from the sanitizer list for request forgery queries.
  • JavaScript/TypeScript: The JavaScript extractor now automatically skips generated JavaScript files if the original TypeScript files are present, as well as files in output directories specified by tsconfig.json.

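The sanitizer change above is worth seeing in code. The example below is added here and is not part of the changelog or of CodeQL itself; the base URL, the allowlist in ALLOWED_HOSTS and the function names are constructed for illustration. It shows that encodeURI() leaves the characters that give a URL its structure (":", "/", "?", "#", "&", "=") untouched, so a value that is already a complete URL passes through unchanged and, once resolved against a base, replaces the intended host. The hardened variant treats the untrusted value as a single path segment and checks the resulting hostname against an allowlist, which is the kind of check the request forgery queries still recognize.

```javascript
// Added example, not from the CodeQL changelog or the CodeQL project.
// Demonstrates why encodeURI() is not a request-forgery sanitizer and what a
// host allowlist check looks like. The allowlist and URLs are constructed.

// Constructed allowlist of hosts this service is permitted to call.
const ALLOWED_HOSTS = new Set(["api.example.internal"]);

// encodeURI() only percent-encodes characters that are not legal in a URL at all.
// Structural characters (":" "/" "?" "#" "&" "=") survive, so a complete URL
// comes out byte-for-byte identical. The legacy escape() likewise leaves "/" alone.
function afterEncodeURI(value) {
  return encodeURI(value);
}

// Weak pattern: encodeURI() before resolving against a base URL. When the
// untrusted value is itself an absolute URL, it replaces the base entirely,
// which is exactly the request-forgery case the queries look for.
function resolveWithEncodeURI(base, untrusted) {
  return new URL(encodeURI(untrusted), base).href;
}

// Hardened pattern: encode the untrusted value as one path segment (so ":" and
// "/" are percent-encoded and cannot change scheme, host or directory), then
// verify the resolved hostname against the allowlist. Returns null when the
// resulting request would leave the allowed hosts.
function resolveChecked(base, untrusted) {
  const url = new URL(encodeURIComponent(untrusted), base);
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    return null;
  }
  return url.href;
}

// Stand-alone demonstration.
const base = "https://api.example.internal/v1/";
console.log(afterEncodeURI("https://other.example/x"));          // unchanged
console.log(resolveWithEncodeURI(base, "https://other.example/x")); // host replaced
console.log(resolveChecked(base, "https://other.example/x"));      // stays on base host
console.log(resolveChecked(base, "users"));                        // normal segment
```

The point for reviewers of code scanning results is that a call to encodeURI() or escape() on a tainted value no longer silences a request forgery alert; the alert is resolved by validating the parsed destination (scheme and host), not by encoding the input.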
For a full list of changes, see the CodeQL 2.22.1 changelog.

Every new version of CodeQL is automatically deployed to users of GitHub code scanning on github.com. The new features in CodeQL 2.22.1 will be included in GitHub Enterprise Server (GHES) 3.19. If you use an older version of GHES, you can manually upgrade your CodeQL version.
