Description
Value Prop
CodeQL is the static analysis engine that powers GitHub’s code scanning capabilities. In Pull Requests, it can pinpoint potential vulnerabilities and deliver detailed insights alongside automated remediation suggestions through Copilot Autofix. With this update, CodeQL queries and extraction will focus exclusively on newly introduced code rather than rescanning the entire codebase, streamlining the analysis process.
Expected Outcome
Developers receive even faster feedback during Pull Requests, reducing the time needed to identify and fix emerging vulnerabilities. This enhancement aims for a significant reduction in scan duration, with a potentially small impact on accuracy on the Pull Requests page. It will help accelerate the remediation process, enabling teams to secure their code more efficiently without slowing down for security.