CodeQL: Add Dart Support #175533
Replies: 6 comments
-
|
💬 Your Product Feedback Has Been Submitted 🎉 Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users. Here's what you can expect moving forward ⏩
Where to look to see what's shipping 👀
What you can do in the meantime 💻
As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities. Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐ |
Beta Was this translation helpful? Give feedback.
-
|
That would be really helpful! |
Beta Was this translation helpful? Give feedback.
-
|
Still opened. When will it be implemented? |
Beta Was this translation helpful? Give feedback.
-
|
I think it really important that CodeQL codes Dart suppor! The pub.dev Dart package ecosystem is more popular than ever, with over 1.3 billion package downloads, in the last 30 days alone. Flutter is now the second most popular development SDK for mobile on both major app stores with over 1.5 million monthly developers, a 50% increase in just one year. |
Beta Was this translation helpful? Give feedback.
-
|
Hello, I strongly support adding Dart/Flutter support to CodeQL. At present, using CodeQL to scan only the Kotlin and Swift layers of Flutter applications is a workaround at best. In most Flutter projects, these layers are minimal and primarily act as bridges, while the core business logic and application behavior reside in Dart. This creates a significant blind spot in security analysis. As a result, critical vulnerabilities in the Dart codebase remain undetected, which undermines the overall effectiveness of SAST in Flutter environments. Given the growing adoption of Flutter for production-grade applications, this gap is becoming increasingly important. Currently, there are very limited robust SAST solutions tailored for Dart, making CodeQL a strong candidate to fill this space. Native support for Dart would enable comprehensive, end-to-end security analysis and significantly improve confidence in Flutter application security. I hope this feature can be considered in the roadmap. Thank you. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Select Topic Area
Product Feedback
Body
Hello,
It'd be great if CodeQL supports dart / flutter. We're currently using CodeQL to scan just Kotlin and Swift parts of our flutter apps, a pain to do so, but it somewhat works.
However, the large part of our apps are written in Dart, Kotlin and Swift are just for piecing stuff together. This is a huge security gap for us, and there are not many security focus SAST tools for Dart.
Cheers!
Beta Was this translation helpful? Give feedback.
All reactions