#CodeQL

Martin Todorov (carlspring)
2026-01-14

What if code quality wasn’t a tool you configured or had to maintain yourselves, but something GitHub just did for your repositories?

Read my latest article to find out all about this new feature and see how it can simplify the way you handle code quality scans.

medium.com/devops-by-nature/wh

PressMind Labs (pressmind)
2025-12-18

GPT-5.2-Codex: a new standard in programming – security and quality in code

Has the model that writes code faster than a junior after a coffee finally learned to say "no" when it needs to? OpenAI has added an addendum to the GPT-5 system card.

Read more:
pressmind.org/gpt-52-codex-now

Illustration showing a futuristic programming environment with a robot at a desk.
2025-12-16

📢 Vulnhalla: an LLM layered on top of CodeQL to filter out false positives and reveal real vulnerabilities
📝 In a blog post dated 10 December 2025,...
📖 cyberveille: cyberveille.ch/posts/2025-12-1
🌐 source: cyberark.com/resources/threat-
#CodeQL #IOC #Cyberveille

2025-12-12

[HID-PSA-2025-002] — 🇺🇸 HID Global (hidglobal.com) ― ActivID administrator account takeover #vuln #nginx #web #services #java #codeql #soap #wsdl [ synacktiv.com/publications/act ] #informatique

2025-12-06
Some weekend updates to my homepage:

Added a little guide to debug recursive #CodeQL predicates:

https://scrapco.de/codeql-cheat-sheet/debugging/debugging-recursion/

#Ghidra documentation now reflects the state of 11.4.3:

https://scrapco.de/ghidra_docs/
2025-11-13
Is it my weak search-fu again, or is the new qlpack.yml format for #CodeQL not officially documented? @GitHubSecurityLab

The best resource I could find is this one by @trailofbits:

https://appsec.guide/docs/static-analysis/codeql/advanced/#creating-new-query-packs
2025-11-06

A security practitioner's view of the annual GitHub Octoverse 2025 report

A security practitioner's view of the annual GitHub Octoverse 2025 report. The 2025 report reads like a herald of a new reality in which AI will be assigned a key role in development. I have tried to give a few tips for security people who are facing such a significant change in approach. Let's read on!

habr.com/ru/articles/963774/

#ии #github #ssdlc #codeql

2025-10-30

It's the first on-location episode of #ITOps Query! At #GitHubUniverse, Katie Norton, Research Manager for IDC's #DevSecOps and #softwaresupplychainsecurity practice, explains how a new extension to GitHub's #CodeQL reflects increased awareness of security as a dimension of code quality and much more! youtu.be/eCU3OKgOTWY?si=ndH9I3

2025-09-26

This week I sat down and started writing up a blog series on "Building a CodeQL Language from Scratch". You can read the first post on my blog here:

geekmasher.dev/sast/codeql/bui

#GitHub #CodeQL #SAST

Martin Todorov (carlspring)
2025-09-25

Over the past decade GitHub has not only become the most successful platform for hosting code but also the de facto standard for both open source and enterprise software development.

It didn’t just change how we share code — it changed how we build software together.

Check out my latest article for more.

medium.com/devops-by-nature/ho

Tweag by Modus Create (tweag@tweag.io)
2025-08-29

Second blog post by Clément Hurlin on #CodeQL. This time he explains the different kinds of source files you deal with when writing custom CodeQL queries, how to classify your queries, how to run them in GitHub Actions, and how to visualize alerts. (This announcement is shamelessly ripped off from Clément's own words elsewhere.)

If you're curious to know the experience you would have with CodeQL queries in production, that's the post to learn about it 👀 tweag.io/blog/2025-08-28-codeq

2025-08-26

Related to the #CodeQL news

Slice: #SAST + #LLM Interprocedural Context Extractor

noperator.dev/posts/slice/

2025-08-26

This is great news 🤩 I guess it’s about time to start learning CodeQL seriously

#CodeQL can be enabled at scale on C/C++ repositories in public preview using build-free #scanning

github.blog/changelog/2025-06-

Tweag by Modus Create (tweag@tweag.io)
2025-08-21

#CodeQL is GitHub's static analysis tool, a powerful full-program analyser that can detect smells and track tainted data, but it can be difficult to get started. Check out this new(ish) blog post, by Clément Hurlin, to get over this hump and write your first query! tweag.io/blog/2025-08-07-codeq

2025-04-30

[Translation] How GitHub uses CodeQL to ensure security

What happens when GitHub takes on its own security? They write code to protect code, and they actively use CodeQL to do it. In this article the Product Security Engineering team explains how to set up large-scale automated vulnerability analysis, why to build your own query packs, and how to use CodeQL to find bugs that cannot be caught by an ordinary code search.

habr.com/ru/companies/otus/art

#CodeQL #github #безопасность_кода #уязвимости #GitHub_Advanced_Security #пакет_запросов #вариантный_анализ #cicd #анализ_уязвимостей

Andrew Eisenberg 🍁🍁 (aeisenberg@cosocial.ca)
2025-03-26

I worked on the remediation of this vulnerability. It’s not great that we let this slip through, and it took two weeks of work to verify that nothing bad had been leaked. But overall, it was a good process, the disclosure process made sure we fixed the bug quickly, and I learned a lot.

Also, the reporter walked away with a tidy sum of $$$.

praetorian.com/blog/codeqleake

#github #codeql #security
