CodeQL

13 posts

We are excited to introduce the new CodeQL Community Packs, a comprehensive set of queries and models designed to enhance your code analysis capabilities. These packs are tailored to augment… The post Announcing CodeQL Community Packs appeared first on The GitHub Blog.

Alvaro Munoz, 12/23/2024

Learn how I discovered 11 new vulnerabilities by writing CodeQL models for Gradio framework and how you can do it, too. The post CodeQL zero to hero part 4: Gradio framework case study appeared first on The GitHub Blog.

Sylwia Budzynska, 12/11/2024

Here’s how SAST tools combine generative AI with code scanning to help you deliver features faster and keep vulnerabilities out of code. The post How AI enhances static application security testing (SAST) appeared first on The GitHub Blog.

Nicole Choi, 5/9/2024

Learn how to use CodeQL for security research and improve your security research workflow. The post CodeQL zero to hero part 3: Security research with CodeQL appeared first on The GitHub Blog.

Sylwia Budzynska, 4/29/2024

Now in public beta for GitHub Advanced Security customers, code scanning autofix helps developers remediate more than two-thirds of supported alerts with little or no editing. The post Found means fixed: Introducing code scanning autofix, powered by GitHub Copilot and CodeQL appeared first on The GitHub Blog.

Pierre Tempel, 3/20/2024

A peek under the hood of GitHub Advanced Security code scanning autofix. The post Fixing security vulnerabilities with AI appeared first on The GitHub Blog.

Tiferet Gazit, 2/14/2024

More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities. The post The architecture of SAST tools: An explainer for developers appeared first on The GitHub Blog.

Nicole Choi, 2/12/2024

In practice, shifting left has been more about shifting the burden rather than the ability. But AI is bringing its promise closer to reality. Here’s how. The post AppSec is harder than you think. Here’s how AI can help. appeared first on The GitHub Blog.

Eric Tooley, 2/6/2024

This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an attacker to silently gain remote code execution. The post Securing our home labs: Frigate code review appeared first on The GitHub Blog.

Logan MacLaren, 12/13/2023

We’ve added new improvements to default setup, including automatically scheduling scans on repositories and support for all CodeQL covered languages. The post Default setup now includes scheduled scans and supports all languages covered by CodeQL appeared first on The GitHub Blog.

Walker Chabbott, 12/13/2023

The effectiveness of a static application security solution hinges on its ability to provide extensive vulnerability coverage and support for a wide range of languages and frameworks. Today, we’re highlighting two releases that’ll help you discover more vulnerabilities in your codebase, so you can ship more secure software. The post ICYMI: improved C++ vulnerability coverage and CodeQL support for Lombok appeared first on The GitHub Blog.

Walker Chabbott, 10/19/2023

Learn how GitHub’s CodeQL leveraged AI modeling and multi-repository variant analysis to discover a new CVE in Gradle. The post CodeQL team uses AI to power vulnerability detection in code appeared first on The GitHub Blog.

Walker Chabbott, 9/12/2023

Learn the basics of CodeQL and how to use it for security research! In this blog, we will teach you how to leverage GitHub’s static analysis tool CodeQL to write custom CodeQL queries.

Sylwia Budzynska, 6/15/2023