Code scanning default setup is now available for Swift

Code scanning default setup is now available for Swift analysis with CodeQL! Default setup now supports all CodeQL supported languages at the repository level. This includes JavaScript/TypeScript, Ruby, Python, Go, Java, Kotlin, C/C++, C#, and Swift. We're working to support enabling code scanning at the organization level for all CodeQL languages soon.

Default setup automatically detects the languages used in a repository, and automatically analyzes JavaScript/TypeScript, Ruby, Python, and Go. You can also optionally customize the configuration to analyze Java/Kotlin, C/C++, C# and Swift. The configuration can be viewed and edited at any time, during or after set up. You can also use the REST API to include languages in the default setup configuration.

Java, Kotlin, C/C++, C# and Swift are not automatically included in the default setup configuration because they often require more advanced configuration. Code written in these languages needs to be compiled in order for CodeQL analysis to proceed. CodeQL will attempt to build your code automatically but may fail if your code requires bespoke build steps.

If a language fails in default setup, you will see an error message on the repository's settings page, in the code security and analysis section. To resolve the situation you can:

  1. Deselect the language from the configuration and continue to use default setup for the successful languages.
  2. Convert to advanced setup. The advanced setup uses a yml file and allows you to provide the build information required for the CodeQL analysis to succeed.
  3. Debug and fix the cause of the language failure. The Actions log will provide the failure reason so you can resolve this for a successful analysis.

For more information, see the documentation for when a particular language is causing default setup to fail. For more information on code scanning default setup, see Configuring code scanning automatically.

You can now use the REST API to get global security advisories from the Advisory Database. This makes it easy to get access to the Advisory Database's free, open source list of actionable security advisories and CVEs which include machine readable mappings to the ecosystem, package name, and affected versions of impacted software.

Learn more about GitHub's global security advisories and the Advisory Database.

See more

Today's Changelog brings you board swimlanes and the ability to create issues in repository groups!

🏊 Board swimlanes

You can now configure swimlanes on your boards by selecting a Group by field from the view configuration menu. This allows you to break up your items by different workstreams, team members, or priorities, similar to groups on tables and roadmaps. Drag and drop your items between columns and groups to quickly make adjustments, or add a new item directly.

swimlane

➕ Create issues in repository groups

You can now create issues when grouped by Repository on the table and roadmap layout. Click Create new issue or start typing the title to get started.

repo_groups

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.

Questions or suggestions? Join the conversation in the community discussion.

See more