Search results for #CodeQL
Second blog post by Clément Hurlin on #CodeQL. This time he explains the different kinds of source files you deal with when writing custom CodeQL queries, how to classify your queries, how to run them in GitHub Actions, and how to visualize alerts. tweag.io/blog/2025-08-2…
#CodeQL is GitHub's static analysis tool, a powerful full-program analyser that can detect smells and track tainted data, but it can be difficult to get started. Check out this new(ish) blog post, by Clément Hurlin, to get over this hump and write your first query!…
🚨 BREAKING: Unleashing the power of CodeQL to unearth hidden security flaws in CORS frameworks! Discover how this approach is reshaping security protocols and fortifying web defenses. 🔍 🔗 #CyberSecurity #CodeQL github.blog/security/appli…
⚠️ 100+ software vulnerabilities are reported daily. Who has time to fix them all? Enter CodeQL — GitHub’s AI debugger that scans, patches, and explains code issues automatically. projectosint.com/codeql-ai-debu… #CodeQL #AIDebugging #GitHubTools #SecureDev #AIinTech
Implementing a custom #CodeQL extractor + libs for an unsupported language is pure torture but hey I found some bugs already so I guess it’s worth it
Evaluate custom ratings windshock.github.io/en/post/2024-0… using #sast like #joernio, #CodeQL, and #Checkmarx in contexts lacking an established #DevelopmentCulture, particularly beneficial for #LazyDeveloper.
The risks of GitHub Actions: Researcher describes severe potential of CodeQL vulnerability, now fixed: #GitHubActions #CodeQL #SecurityVulnerability #CyberSecurity #DevOps #GitHubSecurity @d3vclass devclass.com/2025/04/02/the…
Wrote an MCP server for #CodeQL, tried it out with Cursor and it's quite fun so far! I think the next step would be adding support for query-models. Allowing an LLM to easily add sources/sinks to existing queries could be very promising😁 github.com/JordyZomer/cod…
GitHub’s Product Security Engineering team is securing the code behind #GitHub with tools like #CodeQL, detecting and fixing vulnerabilities at scale. Now, they’re sharing their insights to help organizations strengthen their own codebases: bit.ly/4j6GMoe #InfoQ
How #GitHub uses #CodeQL to secure GitHub github.blog/engineering/ho…
How GitHub uses CodeQL to secure GitHub #secure #CodeQL buff.ly/3ExDETv
Had an interesting discussion today while comparing code-pathfinder to #CodeQL. I ran the numbers and found that it already covers 15% of CodeQL’s Java support—way more than I expected 🤯 vs the amount of time invested. Even more surprising? code-pathfinder now supports over 30%…
Finding Bugs in Chrome with CodeQL #ChromeBugs #CodeQL #SecurityFlaws #BugHunting #WebDevelopment bughunters.google.com/blog/508511148…
Just managed to solve all #CodeQL warnings for @MahoCommerce! The only 4 left are within #prototypejs, which will go away for good as soon as possible #ecommerce #php #magento #openmage #js
Has anyone implemented an end-to-end project for CodeQL analysis? Ideally, such an analysis would not only include code-level security but also demonstrate how to trigger related vulnerabilities in a real environment (usually an HTTP message). #CodeQL #StaticAnalysis…
🔍@g3rzi uncovered 2 vulnerabilities in #Portainer! 🛡️ Learn how #CodeQL helped identify a blind SSRF and insecure encryption in this popular container management tool. Read the full analysis here: cyberark.com/resources/thre…

intrigus @intrigus_
266 Followers 184 Following I create and break stuff. GitHub ⭐. @KITCTF. #Java, #CodeQL and #V8. Github: https://t.co/2eJKNdhQaV Security stuff: https://t.co/eg564HmccR
CodeQL @code_ql
8 Followers 0 Following
Semmle @Semmle
2K Followers 20 Following Semmle has joined GitHub. Finding zero-days and automating variant analysis | Creators of CodeQL and @LGTM
CODEQL REFERENCE DOCS @CodeqlD
3 Followers 52 Following https://t.co/OeU55iBT0Qไม่สามารถลงชื่อเข้าใช้บัญชี-google-ได้ใช่ไหม?hl=th&msgid=43655112
codeql @codeqlll
0 Followers 17 Following