Description
Value Prop
C/C++ projects are notorious for being tricky to analyse with CodeQL. The main reason is that the tool requires a successful build in order to extract the information needed for a scan. We are now planning to take an approach similar to Java / C#, where you can analyse C/C++ code without relying on third-party tools to run a full build. Instead, you can use CodeQL to extract as much of the information as possible, add tolerance to errors, and continue with scans even if not all the code is extracted.
Expected Outcome
With the ability to scan C/C++ without working builds, users will be able to quickly scale CodeQL across their C/C++ repositories. As no build is required, CodeQL and default setup will roll out across your organizations without additional input needed.