v2402 GenAI, SARIF and New Language Support
Introducing SARIF reporting, AI integration for on-premises, and new analyzers for PHP and Swift languages
Users can now integrate Large Language Models (LLMs) from Azure OpenAI, OpenAI, Anthropic, and Ollama into their development environments.
Supports selecting the preferred LLM provider, tailored to project needs and workflows.
For on-premises requirements, Ollama provides a fully compatible AI capability, ensuring comprehensive support without external dependencies.
SARIF (Static Analysis Results Interchange Format) output reports are now available, facilitating integration with services like GitHub Vulnerability Alerts.
Users can include SARIF output in their action YAML, enabling automated vulnerability reporting within GitHub’s development cycles.
The feature also works with tools such as Microsoft's sarif-tools CLI, so teams can implement custom logic on top of the report in CI/CD pipelines and services.
SARIF report generation is available in the project's Overview page, under the Report section.
Add the CodeQL upload-sarif job to your workflow action YAML to feed the report into GitHub vulnerability alerts.
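As an added example (not CodeThreat's code and not part of the sarif-tools CLI), the following Python gate shows the kind of custom logic a pipeline step can run over a SARIF 2.1.0 report before or alongside the upload job: it summarizes findings per level and fails when any finding reaches a chosen severity. The SARIF document, rule ids, file paths and line numbers are constructed for the example.

```python
import json
from collections import Counter

# Constructed minimal SARIF 2.1.0 document standing in for a real report;
# rule ids, paths and line numbers below are made up for this example.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ExampleAnalyzer"}},
        "results": [
            {"ruleId": "php.sqli", "level": "error",
             "message": {"text": "SQL built from request input"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/Http/UserController.php"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "swift.weak-crypto", "level": "warning",
             "message": {"text": "MD5 used for integrity check"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "Sources/Hash.swift"},
                 "region": {"startLine": 7}}}]},
            {"ruleId": "generic.todo", "level": "note",
             "message": {"text": "TODO left in code"},
             "locations": []},
        ],
    }],
})

LEVEL_RANK = {"note": 1, "warning": 2, "error": 3}

def iter_findings(sarif_text):
    """Yield (level, ruleId, uri, startLine, message) for every result in every run."""
    for run in json.loads(sarif_text).get("runs", []):
        for result in run.get("results", []):
            level = result.get("level", "warning")  # SARIF default when "level" is omitted
            loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "<no file>")
            line = loc.get("region", {}).get("startLine", 0)
            yield level, result.get("ruleId", "<no rule>"), uri, line, result["message"]["text"]

def summarize(sarif_text):
    """Count findings per SARIF level (note/warning/error)."""
    return dict(Counter(f[0] for f in iter_findings(sarif_text)))

def gate(sarif_text, fail_on="error"):
    """Return (passed, offending_lines); a CI step exits non-zero when passed is False."""
    threshold = LEVEL_RANK[fail_on]
    offending = [f"{uri}:{line}: [{level}] {rule}: {msg}"
                 for level, rule, uri, line, msg in iter_findings(sarif_text)
                 if LEVEL_RANK.get(level, 2) >= threshold]
    return (not offending), offending
```

In a workflow, call `gate()` on the downloaded report and exit with status 1 when it does not pass, so the failing findings appear in the job log next to the upload step.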
We have introduced analyzers for PHP and Swift, currently in beta testing.
PHP support includes 25 new specialized rulesets for frameworks such as Laravel, Symfony, and WordPress, accessible within the KStore.
Swift support includes 10 new specialized rulesets covering vulnerability types such as weak crypto, Keychain, and SQL query injection. The full list of current rulesets can be seen in KStore within the CodeThreat platform.
We plan to provide additional rulesets and support for new frameworks in future releases, and we welcome user feedback on these beta analyzers to guide their development and refinement.
Addressed issues related to hardcoded-information searches. Users with on-premises deployments should update their knowledge bases to benefit from these fixes.