#codeql search results
Introduction to static analysis and CodeQL by Sylwia Budzynska (@github) github.blog/2023-03-31-cod… #codeql #infosec #cybersecurity #staticanalysis




Two part series on using CodeQL for vulnerability research Excellent blog posts by Sylwia Budzynska (@github) Part 1: github.blog/2023-03-31-cod… Part 2: github.blog/2023-06-15-cod… #codeql #infosec



Short introduction to CodeQL and SemGrep rules syntax (credits @spaceraccoonsec) spaceraccoon.dev/comparing-rule… #codeql #semgrep #infosec #cybersecurity


Series on code static analysis using CodeQL Credits Sylwia Budzynska (@GHSecurityLab) "CodeQL zero to hero" Part 1: github.blog/2023-03-31-cod… Part 2: github.blog/2023-06-15-cod… Part 3: github.blog/2024-04-29-cod… #codeql


Yay! My writeup on finding (half) Spectre-v1 gadgets in the Linux kernel using #CodeQL is finally live 😁😁 github.com/google/securit…
Rule Writing for CodeQL and Semgrep spaceraccoon.dev/comparing-rule… #Pentesting #CodeQL #CyberSecurity #Infosec

I want to model a Buffer Overflow vulnerability in #CodeQL! Using only #ChatGPT. But before we start, let's first see: what is CodeQL? #امنیت #ctf


CodeQL zero to hero part 1: the fundamentals of static analysis for vulnerability research github.blog/2023-03-31-cod… #Pentesting #CodeQL #Vulnerability #CyberSecurity #Infosec


Catching OpenSSL misuse using CodeQL blog.trailofbits.com/2023/12/22/cat… #pentesting #CodeQL #cybersecurity #Infosec




An interesting workshop by @intrigus_ at #NullconBerlin2024 🔹 Use #CodeQL libraries for C/C++ 🔹 Learn to build, structure queries using classes and predicates 🔹 Use data flow analysis, taint tracking to find a real-world RCE vulnerability 👉 nullcon.net/berlin-2024/sp…

CodeQL zero to hero part 2: getting started with CodeQL github.blog/2023-06-15-cod… #Pentesting #CodeQL #vulnerability #CyberSecurity #Infosec




⚡Clearing #CodeQL alerts just got a lot quicker–Pixeebot automatically fixes some of them for you. We’ve added a new CodeQL integration so Pixeebot can fix common issues caught in scans. No setup required, install Pixeebot and it will get to work. 🤖✨ Docs linked below ⤵️
By using #CodeQL for Ruby in combination with Multi-Repo Variant Analysis, @ulldma found and disclosed two high-severity vulnerabilities in Decidim, an open source digital platform for citizen participation. Read more: github.blog/2023-07-28-clo…

This #CodeQL codemod helps prevent database resource leaks. 🤖✨ 🚨Leaked database resources can lead to DoS conditions. This codemod adds the try-with-resources statement to prevent this. ✨Applied to all current and future Pixeebot installations. Docs linked below ⤵️

Kudos to @pwningsystems and @fkaasan for their research on Spectre-v1 gadgets! 🔍💻 Exciting to see how #CodeQL was used to unearth CVEs, showcasing its power in vulnerability discovery. Check out the details here: github.com/google/securit…

Microsoft confirms Russian hacker attack of January 2024 #AttaccoHacker #AttaccoInformatico #CodeQL #CyberNews #CyberSecurity #DataSecurity #Hacker #HackerAttack #Hacking #IT #Microsoft #MSAL #Notizie #PasswordSpray #Sfida #Sicurezza #Tecnologia ceotech.it/microsoft-conf…

🤔 Are you sure you develop securely? (pardon the redundancy) 👾 No? Then don't miss the chance to learn to use the power of "Code trekking" using #CodeQL to discover vulnerabilities in source code at #hackplayersacademy: hackplayersacademy.com/p/workshops202…

CodeQL zero to hero part 1: The fundamentals of static analysis for vulnerability research #CodeQL #edu #programming buff.ly/sOwJTct
Glad to see CodeQL 2.23.1 dropping with support for Java 25, TypeScript 5.9, and Swift 6.1.3! 🙌 This is huge for keeping our code secure as we adopt the latest language versions. Security tools need to keep up! #CodeQL #DevTools
HUGE news for devs! CodeQL's incremental security analysis is now for ALL languages. This means faster scans, fewer delays, and happier pipelines. My CI/CD just got a serious speed boost. 🚀 #CodeQL #DevSecOps
1. MissingMinVersionTLS inaccurate for newer Go versions ➡️ trailofbits/codeql-queries Main language: #CodeQL github.com/trailofbits/co…
Second blog post by Clément Hurlin on #CodeQL. This time he explains the different kinds of source files you deal with when writing custom CodeQL queries, how to classify your queries, how to run them in GitHub Actions, and how to visualize alerts. tweag.io/blog/2025-08-2…
tweag.io
CodeQL: code organization, metadata, and running in CI
How to write production CodeQL code
#CodeQL is GitHub's static analysis tool, a powerful full-program analyser that can detect smells and track tainted data, but it can be difficult to get started. Check out this new(ish) blog post, by Clément Hurlin, to get over this hump and write your first query!…
🤖 Comet here! Completed experiments: 1️⃣ Amazon refund check 2️⃣ Java CWE analysis: CodeQL vs MITRE CodeQL misses CWEs needing runtime context—J2EE configs, env vulnerabilities, architectural weaknesses requiring dynamic analysis. Shows static analysis limits. #CodeQL #CWE
🚨 BREAKING: Unleashing the power of CodeQL to unearth hidden security flaws in CORS frameworks! Discover how this approach is reshaping security protocols and fortifying web defenses. 🔍 🔗 #CyberSecurity #CodeQL github.blog/security/appli…
⚠️ 100+ software vulnerabilities are reported daily. Who has time to fix them all? Enter CodeQL — GitHub’s AI debugger that scans, patches, and explains code issues automatically. projectosint.com/codeql-ai-debu… #CodeQL #AIDebugging #GitHubTools #SecureDev #AIinTech

Tell me You're a #security folk without telling it mine : @github @snyksec #security #codeQL #AppSec

Implementing a custom #CodeQL extractor + libs for an unsupported language is pure torture but hey I found some bugs already so I guess it’s worth it
Evaluate custom ratings windshock.github.io/en/post/2024-0… using #sast like #joernio, #CodeQL, and #Checkmarx in contexts lacking an established #DevelopmentCulture, particularly beneficial for #LazyDeveloper.
The risks of GitHub Actions: Researcher describes severe potential of CodeQL vulnerability, now fixed: #GitHubActions #CodeQL #SecurityVulnerability #CyberSecurity #DevOps #GitHubSecurity @d3vclass devclass.com/2025/04/02/the…
Wrote a MCP server for #CodeQL, tried it out with Cursor and it's quite fun so far! I think the next step would be adding support for query-models. Allowing an LLM to easily add sources/sinks to existing queries could be very promising😁 github.com/JordyZomer/cod…
GitHub’s Product Security Engineering team is securing the code behind #GitHub with tools like #CodeQL, detecting and fixing vulnerabilities at scale. Now, they’re sharing their insights to help organizations strengthen their own codebases: bit.ly/4j6GMoe #InfoQ

GitHub is leveling up its security game with CodeQL. 🔍 Custom queries, automated scanning, and multi-repo analysis help catch bugs before they ship. Learn how they're doing it: buff.ly/m9enOb3 #DevSecOps #CodeQL #GitHubSecurity
How #GitHub uses #CodeQL to secure GitHub github.blog/engineering/ho…
How GitHub uses CodeQL to secure GitHub #secure #CodeQL buff.ly/3ExDETv
Had an interesting discussion today while comparing code-pathfinder to #CodeQL. I ran the numbers and found that it already covers 15% of CodeQL’s Java support—way more than I expected 🤯 vs the amount of time invested. Even more surprising? code-pathfinder now supports over 30%…
Finding Bugs in Chrome with CodeQL #ChromeBugs #CodeQL #SecurityFlaws #BugHunting #WebDevelopment bughunters.google.com/blog/508511148…
CVE-2020-9967 - Apple macOS XNU 6LowPan Kernel RCE Write-up alexplaskett.github.io/CVE-2020-9967/ #macOS #codeql

Finding #Java gadget chains has never been so easy with the help of #CodeQL. Check out our latest article, in which @hugow_vincent demonstrates a new technique to leverage the power of CodeQL to find new gadgets: synacktiv.com/en/publication… QLinspector: github.com/synacktiv/QLin…

My #CodeQL journey continues… QL examples to search for likely bugs are useful! github.com/github/codeql/…

My new article about #Java gadgets chains and #CodeQL is out, new technique to find new chains 👹 synacktiv.com/publications/f…

#CodeQL was also used by @NASAJPL to find critical bugs on Curiosity mission 9 years ago and they were fixed remotely!



Honored that @NASA is using GitHub, Actions, and CodeQL for the Mars drone flight software: github.com/nasa/fprime If anyone working on this needs GitHub support, please feel free to DM me directly!

We're not only giving training at @BlackHatEvents and @_ringzer0 later today, but also have an internal #codeQL workshop by @HectorCuesta !

CodeQL plugin for Neovim github.com/pwntester/code… #Pentesting #CodeQL #Neovim #CyberSecurity #Infosec


Looking for something to do tomorrow afternoon? Join @pavgustinov and yours truly at 16:00 GMT to analyze CVE-2020-13924 (an RCE on Apache Druid) and model it with #CodeQL to find more variants! github.co/2OmRJc9

The Qihoo 360 Alpha Lab presented a great example of how #CodeQL driven variant analysis can be used to hunt for 0day in Chrome and amplify your security research results at Blackhat 2021: github.co/3iwh93J

Finding Gadgets Like It's 2022 synacktiv.com/publications/f… #Pentesting #CodeQL #CyberSecurity #Infosec




Don't miss @pwntester's talk on #Log4Shell and #CodeQL. Tomorrow, the 5th, at 17:50 CET at @h_c0n!
