Shortly after last year’s GitHub Universe, we launched CodeQL support for Kotlin in public beta, available to all code scanning users. To round out our support for modern mobile application development, we’re also adding Swift support 🥳. But we need your help!
As we prepare for the public launch of our Swift support for CodeQL, scheduled for the late second quarter of 2023, we are excited to announce an expansion of our private beta! Our Kotlin support has been able to benefit from the reliable CodeQL Java platform, but developing support for Swift has been a far more complex undertaking, and requires extensive testing. We are thrilled to now be able to open up the beta to a larger group of users, who can play a key role in making sure that our Swift support is as robust and reliable as possible 🚀.
Note
Swift 5.8 support is currently in progress and expected to be released soon.
New to CodeQL code scanning?
Code scanning integrates powerful security analysis natively into your development workflow. Configure it once, and receive actionable security alerts right on your pull request. Code scanning is free for all open-source projects and security researchers.
For Swift, we currently identify issues such as path injection, unsafe web view fetches, numerous cryptographic misuses and other types of unsafe evaluation or processing of unsanitized user-controlled data. During the private and public beta, we'll gradually increase our coverage of distinct weaknesses.
Swift joins our existing supported languages (C/C++, Java/Kotlin, JS/TS, Python, Ruby, C#, and Go), which in sum run nearly 400 checks on your code (all open-source), all while keeping false positive rates low and precision high.
How to Get Access
If you have an open-source Swift project hosted on GitHub, we’d love for you to try out this feature. To sign up, follow these steps:
1. Join the #codeql-swift-beta-lobby channel
2. Introduce yourself and your project(s) in a short message
Our team monitors this channel and will admit new requests on an ongoing basis. Once admitted, you’ll have access to a private channel for immediate discussion and feedback with the CodeQL team, as well as access to the setup instructions.
If you are a security researcher, we’ll also provide instructions to build and explore CodeQL Swift databases locally.
FAQ
What feedback are we looking for?
We’re primarily focused on ensuring a smooth setup and workflow integration for new users. So any problems encountered during the setup or build steps, or other CodeQL errors that prevent you from integrating code scanning into your normal dev workflow are of high priority to us.
Beyond that, we’re also interested in general feedback on our early-phase security queries and the quality of the results provided. Do they meet your expectations? Do you understand the context and help provided in the queries? Are we missing something that you’d expect CodeQL to detect?
What platforms are supported?
CodeQL for Swift is currently aimed at Swift-only projects (Obj-C is not supported), developed on and for Apple operating systems (macOS, iOS, tvOS, etc.). Server-side Swift projects should build and analyze fine, but our query coverage is very much geared towards mobile apps and Swift libraries. Linux support is limited, and Windows is currently not supported.
Swift versions 5.5 to 5.7 are supported, building on macOS 10.15 to 13.
What about private commercial projects?
GitHub code scanning is free for open-source projects. If you are a current GitHub Advanced Security customer, please contact your account representative to request access to the Swift Private Beta and onboard private projects.
Got further questions? Just respond in this thread 🙂