If you'd like to find out how to set up GitHub Code Quality, you can check out my latest article on Medium.
#cicd
#codequality
#devops
#devsecops
#git
#github
#ghas
#codeql
#dependabot
#scm #vcs #versioncontrol
#sast
#devlearning #softwaredevelopment #softwareengineering
What if code quality wasn’t a tool you configured or had to maintain yourselves, but something GitHub just did for your repositories?
Read my latest article to find out all about this new feature and see how it can simplify the way you handle code quality scans.
#cicd #codequality #devops #devsecops #git #github #ghas #codeql #dependabot #scm #vcs #versioncontrol #opensource #devlearning #softwaredevelopment #softwareengineering
GPT-5.2-Codex: nowy standard w programowaniu – bezpieczeństwo i jakość w kodzie
Czy model, który pisze kod szybciej niż junior po kawie, nauczył się wreszcie mówić „nie” wtedy, kiedy trzeba? OpenAI dorzuciło addendum do karty systemowej GPT-5.
Czytaj dalej:
https://pressmind.org/gpt-52-codex-nowy-standard-w-programowaniu-bezpieczenstwo-i-jakosc-w-kodzie/
#PressMindLabs #asystentprogramisty #bezpieczenstwokodu #codeql #cwe #gpt52codex
📢 Vulnhalla: un LLM superposé à CodeQL pour filtrer les faux positifs et révéler de vraies vulnérabilités
📝 Dans un billet de blog daté du 10 décembre 2025,...
📖 cyberveille : https://cyberveille.ch/posts/2025-12-16-vulnhalla-un-llm-superpose-a-codeql-pour-filtrer-les-faux-positifs-et-reveler-de-vraies-vulnerabilites/
🌐 source : https://www.cyberark.com/resources/threat-research-blog/vulnhalla-picking-the-true-vulnerabilities-from-the-codeql-haystack
#CodeQL #IOC #Cyberveille
[HID-PSA-2025-002] — 🇺🇸 HID Global (hidglobal.com) ― ActivID administrator account takeover #vuln #nginx #web #services #java #codeql #soap #wsdl [ https://www.synacktiv.com/publications/activid-administrator-account-takeover-the-story-behind-hid-psa-2025-002 ] #informatique
Взгляд безопасника на ежегодный отчет Github Octoverse 2025
Взгляд безопасника на ежегодный отчет Github Octoverse 2025. Отчет 2025 выглядит как вестник новой реальности, где ИИ в разработке будет отведена ключевая роль. Постарался дать пару советов для безопасников которых ждет такое значимое изменение подходов. Давай почитаем!
It's the first on-location episode of #ITOps Query! At #GitHubUniverse, Katie Norton, Research Manager for IDC's #DevSecOps and #softwaresupplychainsecurity practice, explains how a new extension to GitHub's #CodeQL reflects increased awareness of security as a dimension of code quality and much more! https://youtu.be/eCU3OKgOTWY?si=ndH9I3kyYiErc2Qz
This week I sat down and started writing up a blog series on "Building a CodeQL Language from Scratch". You can read the first post on my blog here:
https://geekmasher.dev/sast/codeql/building-a-codeql-extractor/
Over the past decade GitHub has not only become the most successful platform for hosting code but also the de facto standard for both open source and enterprise software development.
It didn’t just change how we share code — it changed how we build software together.
Check out my latest article for more.
#cicd #devops #devsecops #git #github #ghas #codeql #dependabot #scm #vcs #versioncontrol #opensource #devlearning #softwaredevelopment #softwareengineering
Second blog post by Clément Hurlin on #CodeQL. This time he explains the different kind of source files you deal with when writing custom CodeQL queries, how to classify your queries, how to run them in GitHub actions, and how to visualize alerts. (this announcement is shamelessly ripped off from Clément's own words elsewhere)
If you're curious to know the experience you would have with CodeQL queries in production, that's the post to learn about it 👀 https://www.tweag.io/blog/2025-08-28-codeql-part-two/
#CodeQL is GitHub's static analysis tool, a powerful full-program analyser that can detect smells and track tainted data, but it can be difficult to get started. Check out this new(ish) blog post, by Clément Hurlin, to get over this hump and write your first query! https://www.tweag.io/blog/2025-08-07-codeql-intro/
[Перевод] Как GitHub использует CodeQL для обеспечения безопасности
Что происходит, когда GitHub берётся за собственную безопасность? Они пишут код для защиты кода — и активно используют для этого CodeQL. В этой статье команда Product Security Engineering рассказывает, как настроить масштабный автоматический анализ уязвимостей, зачем создавать свои пакеты запросов и как с помощью CodeQL находить ошибки, которые невозможно поймать обычным поиском по коду.
https://habr.com/ru/companies/otus/articles/905630/
#CodeQL #github #безопасность_кода #уязвимости #GitHub_Advanced_Security #пакет_запросов #вариантный_анализ #cicd #анализ_уязвимостей
GitHub CodeQL Actions Critical Supply Chain Vulnerability (CodeQLEAKED)
#HackerNews #GitHub #CodeQL #CodeQLEAKED #SupplyChain #Vulnerability #CyberSecurity
I worked on the remediation of this vulnerability. It’s not great that we let this slip through, and it took two weeks of work to verify that nothing bad had been leaked. But overall, it was a good process, the disclosure process made sure we fixed the bug quickly, and I learned a lot.
Also, the reporter walked away with a tidy sum of $$$.
