News

Using CodeQL to detect client-side vulnerabilities in web applications

GitHub’s CodeQL is a robust query language originally developed by Semmle that allows you to look for vulnerabilities in the ...
TechCrunch1y

GitHub’s latest AI tool can automatically fix code vulnerabilities

Image Credits: GitHub In the background, this new feature uses the CodeQL engine, GitHub’s semantic analysis engine to find vulnerabilities in code, even before it has been executed.
Bleeping Computer4y

Microsoft shares CodeQL queries to scan code for ... - BleepingComputer

Microsoft has open-sourced CodeQL queries that developers can use to scan source code for malicious implants matching the SolarWinds supply-chain attack.
InfoWorld5y

GitHub makes CodeQL free for research and open source

CodeQL, a semantic code analysis engine and query tool for finding security vulnerabilities across a codebase, has been made available for free by GitHub for anyone to use in research or to ...
InfoQ1y

GitHub CodeQL Code Scanning Now Supports Setting a Threat Model

GitHub has recently extended its CodeQL-based code scanner by adding the possibility to specify the desired threat model. The new feature is available in beta for the Java language.
Neowin4y

Microsoft open sources CodeQL queries used in Solorigate ... - Neowin

Microsoft has open sourced the CodeQL queries that it used to identify malicious code implants from the Solorigate attack. CodeQL is an analysis engine used for code inspection, among other things.
ZDNet4y

Microsoft: We've open-sourced this tool we used to hunt for code by SolarWinds hackers

Microsoft is open-sourcing the CodeQL queries that it used to investigate the impact of Sunburst or Solarigate malware planted in the SolarWinds Orion software updates. Other organizations can use the ...