Ruby support for CodeQL code scanning (GA)
Summary
CodeQL is the analysis engine that provides the vast majority of our code scanning results. In Q4 of CY2022, Ruby support will transition from beta to GA, a change that brings broader security coverage, library and framework support, and support for the latest Ruby language features.
Intended Outcome
Ruby is a very popular language, both within the open-source community and with our enterprise customers. Building Ruby support for CodeQL means that we'll be able to raise security alerts in Ruby codebases.
How will it work?
Analyzing Ruby codebases with CodeQL in code scanning works much the same as scanning source code in the languages we already support. After you've set up CodeQL analysis in an Actions workflow on a Ruby repository, the analysis job runs whenever the workflow's triggers fire. As soon as the analysis finishes, CodeQL exports the results, which then become visible to you in the "Security" tab and on pull requests.
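As an added illustration of the setup described above (this workflow is not part of the roadmap page and is not GitHub's reference configuration), the following GitHub Actions workflow runs CodeQL code scanning on a Ruby repository. The branch name, action version tags, schedule and the optional query suite are assumptions to be adjusted for your repository.

```yaml
# Added example, not from the roadmap page: a minimal GitHub Actions workflow
# that runs CodeQL code scanning on a Ruby repository.
# Assumed values: branch "main", action tags @v3/@v2, the weekly cron schedule.
name: CodeQL (Ruby)

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]          # results are surfaced on the pull request
  schedule:
    - cron: '30 3 * * 1'      # weekly run so newly added queries cover unchanged code

jobs:
  analyze:
    name: Analyze Ruby
    runs-on: ubuntu-latest
    permissions:
      security-events: write  # needed to upload results to the "Security" tab
      contents: read

    steps:
      - name: Check out repository
        uses: actions/checkout@v3

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ruby
          # Optional (assumed choice): run the broader security-extended suite
          # instead of the default query pack.
          # queries: security-extended

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v2
        with:
          category: "/language:ruby"   # keeps Ruby results distinct from other languages
```

With this in place, the `pull_request` trigger is what makes findings appear on pull requests, while every completed run uploads its results so they are listed under the repository's "Security" tab; the `security-events: write` permission is what allows that upload.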