GitHub Security Lab, launched at GitHub Universe 2019, is a new GitHub initiative whose mission is to inspire and enable the community to secure the open source software we all depend on. We hunt for vulnerabilities in open source projects and build tools to make it easier for others to find those vulnerabilities in their own codebases. In addition, we’re building an open coalition with security teams and researchers across the world that will focus on making security accessible to every researcher and every developer.
GitHub’s first contribution to the Security Lab effort is the free release of CodeQL for Research. CodeQL is an industry-leading semantic code analysis engine that enables you to discover vulnerabilities across your codebase. You can query code as though it were data to find a vulnerability pattern and all of its variants.