Sign up for the CodeQL Swift Private Beta! #12522
Closed
turbo started this conversation in Show and tell
Shortly after last year’s GitHub Universe, we launched CodeQL support for Kotlin in public beta, available to all code scanning users. To round out our support for modern mobile application development, we’re also adding Swift support 🥳. But we need your help!
As we prepare for the public launch of our Swift support for CodeQL, scheduled for the late second quarter of 2023, we are excited to announce an expansion of our private beta! Our Kotlin support has been able to benefit from the reliable CodeQL Java platform, but developing support for Swift has been a far more complex undertaking, and requires extensive testing. We are thrilled to now be able to open up the beta to a larger group of users, who can play a key role in making sure that our Swift support is as robust and reliable as possible 🚀.
New to CodeQL code scanning?
Code scanning integrates powerful security analysis natively into your development workflow. Configure it once, and receive actionable security alerts right on your pull request. Code scanning is free for all open-source projects and security researchers.
For Swift, we currently identify issues such as path injection, unsafe web view fetches, numerous cryptographic misuses and other types of unsafe evaluation or processing of unsanitized user-controlled data. During the private and public beta, we'll gradually increase our coverage of distinct weaknesses.
Swift joins our existing supported languages (C/C++, Java/Kotlin, JS/TS, Python, Ruby, C#, and Go), which together run nearly 400 checks on your code (all open-source), while keeping false positive rates low and precision high.
How to Get Access
If you have an open-source Swift project hosted on GitHub, we’d love for you to try out this feature. To sign up, follow these steps:
#codeql-swift-beta-lobby channel
Our team monitors this channel and will admit new requests on an ongoing basis. Once admitted, you’ll have access to a private channel for immediate discussion and feedback with the CodeQL team, as well as access to the setup instructions.
If you are a security researcher, we’ll also provide instructions to build and explore CodeQL Swift databases locally.
FAQ
What feedback are we looking for?
We’re primarily focused on ensuring a smooth setup and workflow integration for new users, so any problems encountered during the setup or build steps, or other CodeQL errors that prevent you from integrating code scanning into your normal dev workflow, are of high priority to us.
Beyond that, we’re also interested in general feedback on our early-phase security queries and the quality of the results provided. Do they meet your expectations? Do you understand the context and help provided in the queries? Are we missing something that you’d expect CodeQL to detect?
What platforms are supported?
CodeQL for Swift is currently aimed at Swift-only projects (Obj-C is not supported), developed on and for Apple operating systems (macOS, iOS, tvOS, etc.). Server-side Swift projects should build and analyze fine, but our query coverage is very much geared towards mobile apps and Swift libraries. Linux support is limited, and Windows is currently not supported.
Swift versions 5.5 to 5.7 are supported, building on macOS 10.15 to 13.
What about private commercial projects?
GitHub code scanning is free for open-source projects. If you are a current GitHub Advanced Security customer, please contact your account representative to request access to the Swift Private Beta and onboard private projects.
Got further questions? Just respond in this thread 🙂