CodeQL includes many queries for analyzing Java and Kotlin code. All queries in the default
query suite are run by default. If you choose to use the security-extended
query suite, additional queries are run. For more information, see "CodeQL query suites."
Note: CodeQL analysis for Kotlin is currently in beta. During the beta, analysis of Kotlin will be less comprehensive than CodeQL analysis of other languages.
Built-in queries for Java and Kotlin analysis
This table lists the queries available with the latest release of the CodeQL action and CodeQL CLI. For more information, see CodeQL change logs in the CodeQL documentation site.
Note
GitHub autofix for code scanning is in beta. Functionality and documentation are subject to change. During this phase, the feature is restricted to C#, Go, Java, JavaScript/TypeScript, Python, and Ruby alerts identified by CodeQL for private and internal repositories. If you have an enterprise account and use GitHub Advanced Security, your enterprise has access to the beta.