News

Using CodeQL to detect client-side vulnerabilities in web applications

GitHub’s CodeQL is a robust query language originally developed by Semmle that allows you to look for vulnerabilities in the source code ...
Bleeping Computer4y

Microsoft shares CodeQL queries to scan code for SolarWinds-like implants

Microsoft has open-sourced CodeQL queries that developers can use to scan source code for malicious implants matching the SolarWinds supply-chain attack. In December, it was disclosed that threat ...
InfoQ2y

GitHub Enhances CodeQL, Extends Language Support, Available Queries, and More

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
InfoWorld5y

GitHub makes CodeQL free for research and open source

CodeQL, a semantic code analysis engine and query tool for finding security vulnerabilities across a codebase, has been made available for free by GitHub for anyone to use in research or to analyze ...
TechSpot4y

GitHub's open-source code scanning tool looks for security holes in real-time

Why it matters: What if companies and independent software developers could spot security flaws in their programs before releasing them to the public? GitHub now has a tool that can help them do just ...
Neowin4y

Microsoft open sources CodeQL queries used in Solorigate investigation

Last week, Microsoft finally completed its Solorigate investigation, concluding that while some code files for Azure, Intune, and Exchange were accessed, no customer data was compromised. The ...
InfoQ1y

GitHub CodeQL Code Scanning Now Supports Setting Threat Model GitHub CodeQL Code Scanning Now Supports Setting Threat Model

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...