CodeQL

Security

How to catch GitHub Actions workflow injections before attackers do

Strengthen your repositories against actions workflow injections — one of the most common vulnerabilities.

Application security

Modeling CORS frameworks with CodeQL to find security vulnerabilities

Discover how to increase the coverage of your CodeQL CORS security by modeling developer headers and frameworks.

Engineering

How GitHub uses CodeQL to secure GitHub

How GitHub’s Product Security Engineering team manages our CodeQL implementation at scale and how you can, too.

Application security

How to secure your GitHub Actions workflows with CodeQL

In the last few months, we secured 75+ GitHub Actions workflows in open source projects, disclosing 90+ different vulnerabilities. Out of this research we produced new support for workflows in CodeQL, empowering you to secure yours.

Security

Announcing CodeQL Community Packs

We are excited to introduce the new CodeQL Community Packs, a comprehensive set of queries and models designed to enhance your code analysis capabilities. These packs are tailored to augment…

Security

CodeQL zero to hero part 4: Gradio framework case study

Learn how I discovered 11 new vulnerabilities by writing CodeQL models for Gradio framework and how you can do it, too.

AI & ML

How AI enhances static application security testing (SAST)

Here’s how SAST tools combine generative AI with code scanning to help you deliver features faster and keep vulnerabilities out of code.

Security

CodeQL zero to hero part 3: Security research with CodeQL

Learn how to use CodeQL for security research and improve your security research workflow.

News & insights

Found means fixed: Introducing code scanning autofix, powered by GitHub Copilot and CodeQL

Now in public beta for GitHub Advanced Security customers, code scanning autofix helps developers remediate more than two-thirds of supported alerts with little or no editing.

Engineering

Fixing security vulnerabilities with AI

A peek under the hood of GitHub Advanced Security code scanning autofix.

A schematic diagram depicting the steps an SAST tool takes to scan the source code of an SQL application under an SQL injection attack. The first step is tokenizing the source code, the second is abstracting the source code, the third conducting semantic analysis, the fourth conducting taint analysis, and the last generating a security alert about the SQL injection vulnerability.

Enterprise software

The architecture of SAST tools: An explainer for developers

More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities.

Application security

AppSec is harder than you think. Here’s how AI can help.

In practice, shifting left has been more about shifting the burden rather than the ability. But AI is bringing its promise closer to reality. Here’s how.

Security

Securing our home labs: Frigate code review

This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an attacker to silently gain remote code execution.

News & insights

Default setup now includes scheduled scans and supports all languages covered by CodeQL

We’ve added new improvements to default setup, including automatically scheduling scans on repositories and support for all CodeQL covered languages.

Security

Addressing post-quantum cryptography with CodeQL

Learn how researchers and security experts at GitHub, Microsoft, and Santander came together to address the challenges presented by the post-quantum cryptography world.