CodeQL Updates

Hi all,

CodeQL, GitHub's semantic code analysis engine, now supports Swift. This lets you run static analysis over a Swift codebase and be alerted to vulnerabilities such as SQL injection.

To set it up, go to your repository's settings page and click Code Security and Analysis:

Under Code Scanning select Set up for CodeQL analysis:

Default will try to set up the project for you with preconfigured options:

If your repo contains multiple languages, or needs a custom build step, choose Advanced to customise the generated workflow:

At the time of writing Swift support is still in Beta.

I've found that Swift packages need to be manually built, but it does support Swift 5.8 and Linux now. To do so, define a workflow file for CodeQL:

```yaml
name: "CodeQL"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

jobs:
  run-codeql-linux:
    name: Run CodeQL on Linux
    runs-on: ubuntu-latest
    # A job-level permissions block sets every permission you do not list
    # to none, so grant only what the steps need.
    permissions:
      contents: read          # checkout (required for private repositories)
      actions: read           # upload of results for workflows in private repositories
      security-events: write  # upload SARIF results to Code scanning

    steps:
    - name: Checkout repository
      uses: actions/checkout@v3

    # Swift is a compiled language: init installs a build tracer, so the
    # build must run between init and analyze for CodeQL to see any code.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: swift

    - name: Build
      run: swift build

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
```

Once merged, the workflow scans pushes to main and every pull request against it. Any findings appear in the repository's Security tab under Code scanning:
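To see what a Code scanning alert looks like in practice, here is an added example (not code from the original post or from GitHub) of the SQL injection pattern CodeQL's Swift SQL injection query is designed to flag, next to the parameterised fix. It assumes a package that links the system `SQLite3` module (shipped with the macOS SDK; on Linux you would need a system-library target for `libsqlite3`). The table, the rows and the `payload` string are constructed for the demo; `username` stands in for any untrusted input.

```swift
import Foundation
import SQLite3  // assumption: the package links the system SQLite3 module

enum DBError: Error {
    case open(String), prepare(String), bind, step(String)
}

/// VULNERABLE: untrusted input is interpolated into the statement text,
/// so the input can change the query's structure. This is the data flow
/// from an untrusted source into a SQL sink that CodeQL reports.
@discardableResult
func deleteUserUnsafe(db: OpaquePointer, username: String) -> Int32 {
    let sql = "DELETE FROM users WHERE name = '\(username)';"
    return sqlite3_exec(db, sql, nil, nil, nil)
}

/// SAFE: the statement text is fixed and the input arrives through a bound
/// parameter, so SQLite treats it purely as data.
func deleteUserSafe(db: OpaquePointer, username: String) throws {
    var stmt: OpaquePointer?
    let sql = "DELETE FROM users WHERE name = ?;"
    guard sqlite3_prepare_v2(db, sql, -1, &stmt, nil) == SQLITE_OK else {
        throw DBError.prepare(String(cString: sqlite3_errmsg(db)))
    }
    defer { sqlite3_finalize(stmt) }
    // SQLITE_TRANSIENT is a C macro Swift does not import; this is the
    // usual Swift spelling. It tells SQLite to copy the string immediately.
    let transient = unsafeBitCast(-1, to: sqlite3_destructor_type.self)
    guard sqlite3_bind_text(stmt, 1, username, -1, transient) == SQLITE_OK else {
        throw DBError.bind
    }
    guard sqlite3_step(stmt) == SQLITE_DONE else {
        throw DBError.step(String(cString: sqlite3_errmsg(db)))
    }
}

/// Number of rows currently in `users`.
func rowCount(db: OpaquePointer) throws -> Int {
    var stmt: OpaquePointer?
    guard sqlite3_prepare_v2(db, "SELECT COUNT(*) FROM users;", -1, &stmt, nil) == SQLITE_OK else {
        throw DBError.prepare(String(cString: sqlite3_errmsg(db)))
    }
    defer { sqlite3_finalize(stmt) }
    guard sqlite3_step(stmt) == SQLITE_ROW else {
        throw DBError.step(String(cString: sqlite3_errmsg(db)))
    }
    return Int(sqlite3_column_int(stmt, 0))
}

/// Runs both versions against an in-memory database with constructed data.
func demo() throws {
    var handle: OpaquePointer?
    guard sqlite3_open(":memory:", &handle) == SQLITE_OK, let db = handle else {
        throw DBError.open("could not open in-memory database")
    }
    defer { sqlite3_close(db) }

    // Constructed sample data.
    sqlite3_exec(db, """
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        INSERT INTO users(name) VALUES ('alice'), ('bob'), ('carol');
        """, nil, nil, nil)

    // Constructed attacker input: closes the quoted literal and appends
    // an always-true clause.
    let payload = "x' OR '1'='1"

    try deleteUserSafe(db: db, username: payload)
    print("rows after safe delete:", try rowCount(db: db))

    deleteUserUnsafe(db: db, username: payload)
    print("rows after unsafe delete:", try rowCount(db: db))
}

try demo()
```

With the safe function the payload is compared as a literal name, matches nothing, and all three rows survive; with the unsafe function the interpolated `OR '1'='1'` makes the `WHERE` clause true for every row and the table is emptied. Pushing the unsafe function to a repository with the workflow above should produce a Code scanning alert pointing at the interpolated `sql` string.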

N.B. I'm not affiliated with GitHub, but have worked on Swift support for Dependabot
