Faster incremental analysis with CodeQL in pull requests

CodeQL scans on pull requests for C#, Java, JavaScript/TypeScript, Python, and Ruby are now incremental, making them faster. Earlier this year, we sped up scans during pull requests with CodeQL by approximately 20% by analyzing only new or changed code. We are now further improving the performance of CodeQL incremental analysis by generating a CodeQL database to represent your new or changed code introduced in pull requests and combining it with a cached database for your entire codebase.

Across more than 100,000 repositories, we classified repositories into three groups based on how long it takes to run a non-incremental scan:

• Less than three minutes
• Between three and seven minutes
• Over seven minutes

Based on that classification, here’s the average per-language speedup we observed on scan times over a seven-day period:

This latest improvement to incremental analysis will only be applicable to those using the default CodeQL query suite.

The incremental analysis is enabled by default for C#, Java, JavaScript/TypeScript, Python, and Ruby projects that are using the build mode none extraction mechanism in both default setup and advanced setup on github.com.

CodeQL CLI will receive support for incremental scanning at a later date.