Kotlin security analysis support in CodeQL code scanning (public beta)

[github-product-roadmap]

Summary

CodeQL is the analysis engine that provides the vast majority of our code scanning results. As part of our efforts to constantly improve the depth and breadth of our analysis capabilities, we will be releasing Kotlin analysis support in public beta.

Intended Outcome

Looking at language popularity data on GitHub.com, Kotlin is a very popular language both within the open source community and with our enterprise customers — mostly for creating mobile apps for Android. Building Kotlin support for CodeQL means that we'll be able to flag up security alerts in your Kotlin codebases.

How will it work?

Analyzing Kotlin codebases with CodeQL in code scanning will work much the same as scanning other source code in languages that we already support. After you've set up CodeQL analysis in an Actions workflow on a Kotlin repository, the analysis job will be triggered as configured. As soon as the analysis is finished, the CodeQL results will then become visible to you in the "Security" tab and on pull requests.