
Incremental CodeQL analysis reduces scan times during Pull Requests [GA]

Open · glider-bot opened this issue 10 months ago · 1 comment

Value Prop

CodeQL is the static analysis engine that powers GitHub’s code scanning capabilities. In Pull Requests, it can pinpoint potential vulnerabilities and deliver detailed insights alongside automated remediation suggestions through Copilot Autofix. With this update, CodeQL queries focus exclusively on newly introduced code rather than rescanning the entire codebase, streamlining the analysis process.

Expected Outcome

Developers receive faster feedback during Pull Requests, reducing the time needed to identify and fix emerging vulnerabilities. This speed enhancement maintains the same quality of results on the Pull Requests page while accelerating the remediation process, enabling teams to secure their code more efficiently without compromising on thoroughness.

glider-bot · Mar 20 '25 18:03

🚢 This has shipped: https://github.blog/changelog/2025-05-28-incremental-security-analysis-makes-codeql-up-to-20-faster-in-pull-requests

Leaving open to track for GHES release!

ankneis · May 30 '25 17:05