Today, we’re extending CodeQL code scanning support to Rust. Developers working on Rust libraries and apps can now benefit from our best-in-class code security analysis. We currently identify issues such as path, SQL, and regex injections, numerous cryptographic misuses, and other types of unsafe usage of user data. During the preview period, we’ll increase our coverage of distinct weaknesses.

Rust joins our existing supported languages (C/C++, Java/Kotlin, JS/TS, Python, Ruby, C#, Go, GitHub Actions, and Swift). CodeQL runs hundreds of checks on your code across these languages, all while keeping false positive rates low and precision high.

Set up code scanning on your Rust repositories today and receive actionable security alerts on your pull requests. Read more about our supported Rust versions and platforms in our documentation.

Rust support is now available on github.com and will be available in CodeQL CLI starting with version 2.22.1. While in public preview, this feature will not be available on GitHub Enterprise Server.

This is just the start for Rust support in GitHub Advanced Security. If you have any feedback or questions about the Rust preview, please join the discussion within GitHub Community.