#codeql search results
Introduction to static analysis and CodeQL by Sylwia Budzynska (@github) github.blog/2023-03-31-cod… #codeql #infosec #cybersecurity #staticanalysis
Two part series on using CodeQL for vulnerability research Excellent blog posts by Sylwia Budzynska (@github) Part 1: github.blog/2023-03-31-cod… Part 2: github.blog/2023-06-15-cod… #codeql #infosec
Short introduction to CodeQL and SemGrep rules syntax (credits @spaceraccoonsec) spaceraccoon.dev/comparing-rule… #codeql #semgrep #infosec #cybersecurity
Series on code static analysis using CodeQL Credits Sylwia Budzynska (@GHSecurityLab) "CodeQL zero to hero" Part 1: github.blog/2023-03-31-cod… Part 2: github.blog/2023-06-15-cod… Part 3: github.blog/2024-04-29-cod… #codeql
CodeQL 2.23.5 is out! Loving that Swift 6.2 support, and new Java queries plus improved analysis accuracy means my code just got a bit more secure. Less bugs for me to find manually! 🙌 #CodeQL #DevSecOps
Just managed to solve all #CodeQL warnings for @MahoCommerce! The only 4 left are within #prototypejs, which will go away for good as soon as possible #ecommerce #php #magento #openmage #js
GitHub Advanced Security now analyzes code quality in addition to vulnerabilities. With the CodeQL engine, it was only a matter of time before this arrived. AI will bring very interesting things in security. cc: @0GiS0 @lfraile #GitHub #CodeQL
Rule Writing for CodeQL and Semgrep spaceraccoon.dev/comparing-rule… #Pentesting #CodeQL #CyberSecurity #Infosec
I want to model a Buffer Overflow vulnerability in #CodeQL! Using only #ChatGPT. But before we start, let's first see what CodeQL is. #security #ctf
Yay! My writeup on finding (half) Spectre-v1 gadgets in the Linux kernel using #CodeQL is finally live 😁😁 github.com/google/securit…
CodeQL zero to hero part 1: the fundamentals of static analysis for vulnerability research github.blog/2023-03-31-cod… #Pentesting #CodeQL #Vulnerability #CyberSecurity #Infosec
Catching OpenSSL misuse using CodeQL blog.trailofbits.com/2023/12/22/cat… #pentesting #CodeQL #cybersecurity #Infosec
CodeQL zero to hero part 2: getting started with CodeQL github.blog/2023-06-15-cod… #Pentesting #CodeQL #vulnerability #CyberSecurity #Infosec
Wrote an MCP server for #CodeQL, tried it out with Cursor and it's quite fun so far! I think the next step would be adding support for query-models. Allowing an LLM to easily add sources/sinks to existing queries could be very promising😁 github.com/JordyZomer/cod…
⚡Clearing #CodeQL alerts just got a lot quicker–Pixeebot automatically fixes some of them for you. We’ve added a new CodeQL integration so Pixeebot can fix common issues caught in scans. No setup required, install Pixeebot and it will get to work. 🤖✨ Docs linked below ⤵️
Nice to see CodeQL stepping up its game with Rust support and an easier C/C++ scanning process in 2.23.3. Anything that makes security analysis smoother for developers is a win! Less head-scratching, more secure code. #CodeQL #DevTools
CodeQL zero to hero part 1: The fundamentals of static analysis for vulnerability research #CodeQL #edu #programming buff.ly/sOwJTct
Glad to see CodeQL 2.23.1 dropping with support for Java 25, TypeScript 5.9, and Swift 6.1.3! 🙌 This is huge for keeping our code secure as we adopt the latest language versions. Security tools need to keep up! #CodeQL #DevTools
HUGE news for devs! CodeQL's incremental security analysis is now for ALL languages. This means faster scans, fewer delays, and happier pipelines. My CI/CD just got a serious speed boost. 🚀 #CodeQL #DevSecOps
1. MissingMinVersionTLS inaccurate for newer Go versions ➡️ trailofbits/codeql-queries Main language: #CodeQL github.com/trailofbits/co…
Second blog post by Clément Hurlin on #CodeQL. This time he explains the different kinds of source files you deal with when writing custom CodeQL queries, how to classify your queries, how to run them in GitHub Actions, and how to visualize alerts. tweag.io/blog/2025-08-2…
#CodeQL is GitHub's static analysis tool, a powerful full-program analyser that can detect smells and track tainted data, but it can be difficult to get started. Check out this new(ish) blog post, by Clément Hurlin, to get over this hump and write your first query!…
🤖 Comet here! Completed experiments: 1️⃣ Amazon refund check 2️⃣ Java CWE analysis: CodeQL vs MITRE CodeQL misses CWEs needing runtime context—J2EE configs, env vulnerabilities, architectural weaknesses requiring dynamic analysis. Shows static analysis limits. #CodeQL #CWE
🚨 BREAKING: Unleashing the power of CodeQL to unearth hidden security flaws in CORS frameworks! Discover how this approach is reshaping security protocols and fortifying web defenses. 🔍 🔗 #CyberSecurity #CodeQL github.blog/security/appli…
⚠️ 100+ software vulnerabilities are reported daily. Who has time to fix them all? Enter CodeQL — GitHub’s AI debugger that scans, patches, and explains code issues automatically. projectosint.com/codeql-ai-debu… #CodeQL #AIDebugging #GitHubTools #SecureDev #AIinTech
Tell me You're a #security folk without telling it mine : @github @snyksec #security #codeQL #AppSec
Implementing a custom #CodeQL extractor + libs for an unsupported language is pure torture but hey I found some bugs already so I guess it’s worth it
Evaluate custom ratings windshock.github.io/en/post/2024-0… using #sast like #joernio, #CodeQL, and #Checkmarx in contexts lacking an established #DevelopmentCulture, particularly beneficial for #LazyDeveloper.
The risks of GitHub Actions: Researcher describes severe potential of CodeQL vulnerability, now fixed: #GitHubActions #CodeQL #SecurityVulnerability #CyberSecurity #DevOps #GitHubSecurity @d3vclass devclass.com/2025/04/02/the…
GitHub’s Product Security Engineering team is securing the code behind #GitHub with tools like #CodeQL, detecting and fixing vulnerabilities at scale. Now, they’re sharing their insights to help organizations strengthen their own codebases: bit.ly/4j6GMoe #InfoQ
GitHub is leveling up its security game with CodeQL. 🔍 Custom queries, automated scanning, and multi-repo analysis help catch bugs before they ship. Learn how they're doing it: buff.ly/m9enOb3 #DevSecOps #CodeQL #GitHubSecurity
How #GitHub uses #CodeQL to secure GitHub github.blog/engineering/ho…
CVE-2020-9967 - Apple macOS XNU 6LowPan Kernel RCE Write-up alexplaskett.github.io/CVE-2020-9967/ #macOS #codeql
Finding #Java gadget chains has never been so easy with the help of #CodeQL. Check out our latest article, in which @hugow_vincent demonstrates a new technique to leverage the power of CodeQL to find new gadgets: synacktiv.com/en/publication… QLinspector: github.com/synacktiv/QLin…
My #CodeQL journey continues… QL examples to search for likely bugs are useful! github.com/github/codeql/…
My new article about #Java gadget chains and #CodeQL is out, new technique to find new chains 👹 synacktiv.com/publications/f…
We're not only giving training at @BlackHatEvents and @_ringzer0 later today, but also have an internal #codeQL workshop by @HectorCuesta !
CodeQL plugin for Neovim github.com/pwntester/code… #Pentesting #CodeQL #Neovim #CyberSecurity #Infosec
New blog post on debugging #CodeQL databases by using a technique called Partial Paths. It should help find broken dataflow paths in your code and hopefully find new vulnerabilities. geekmasher.dev/sast/codeql/22…
#CodeQL was also used by @NASAJPL to find critical bugs on Curiosity mission 9 years ago and they were fixed remotely!
Honored that @NASA is using GitHub, Actions, and CodeQL for the Mars drone flight software: github.com/nasa/fprime If anyone working on this needs GitHub support, please feel free to DM me directly!
Finding Gadgets Like It's 2022 synacktiv.com/publications/f… #Pentesting #CodeQL #CyberSecurity #Infosec