Addressing post-quantum cryptography with CodeQL
Learn how researchers and security experts at GitHub, Microsoft, and Santander came together to address the challenges presented by the post-quantum cryptography world.
Tag
CodeQL
ICYMI: improved C++ vulnerability coverage and CodeQL support for Lombok
The effectiveness of a static application security solution hinges on its ability to provide extensive vulnerability coverage and support for a wide range of languages and frameworks. Today, we’re highlighting two releases that’ll help you discover more vulnerabilities in your codebase, so you can ship more secure software.
CodeQL team uses AI to power vulnerability detection in code
Learn how GitHub’s CodeQL leveraged AI modeling and multi-repository variant analysis to discover a new CVE in Gradle.
CodeQL zero to hero part 2: getting started with CodeQL
Learn the basics of CodeQL and how to use it for security research! In this blog, we will teach you how to leverage GitHub’s static analysis tool CodeQL to write custom CodeQL queries.
Swift support brings broader mobile application security to GitHub Advanced Security
We’ve launched the beta of code scanning support for Swift. This launch, paired with our launch of Kotlin support in November, means that CodeQL covers both IOS and Android development languages, bringing a heightened level of security to the mobile application development process.
Manage your application security stack effectively with the tool status page
Code scanning’s tool status gives you a bird's eye view of your application security stack, allowing you to quickly confirm everything is working, or troubleshoot any tool in your application security arsenal.
Multi-repository enablement: effortlessly scale code scanning across your repositories
We’ve gotten great feedback on default setup, a simple way to set up code scanning on your repository. Now, you have the ability to use default setup across your organization's repositories, in just one click.
CodeQL zero to hero part 1: the fundamentals of static analysis for vulnerability research
Learn more about static analysis and how to use it for security research! In this blog post series, we will take a closer look at static analysis concepts, present GitHub’s static analysis tool CodeQL, and teach you how to leverage static analysis for security research by writing custom CodeQL queries.
Improvements to CodeQL’s data flow library for C++
These changes will improve the experience for custom query authors and enable better precision in some of our standard queries. Learn how to enable them for your custom queries.
Multi-repository variant analysis: a powerful new way to perform security research across GitHub
Multi-repository variant analysis lets you scale security research across thousands of repositories, giving you a powerful tool to find and respond to newly discovered vulnerabilities.
ICYMI: CodeQL enhancements
Learn about CodeQL's improved user experience and enhancements that let you scan new languages, detect new types of CWEs, and perform deeper analyses of your applications.
Default setup: A new way to enable GitHub code scanning
Default setup is a new way to automatically set up code scanning on your repository, without the use of a .yaml file.
Best practices on rolling out code scanning at enterprise scale
Learn best practices on how to roll out centrally managed, developer-centric application security with a third party CI/CD system like Jenkins or ADO.
Transform your software engineering practices with GitHub Enterprise
Go beyond knowing GitHub as the home of open source and explore how GitHub Enterprise can help you transform your software engineering organization and practices.
GitHub enables the development of functional safety applications by adding support for coding standards AUTOSAR C++ and CERT C++
GitHub is excited to announce the release of CodeQL queries that implement the standards CERT C++ and AUTOSAR C++. These queries can aid developers looking to demonstrate ISO 26262 Part 6 process compliance.
5 simple things every developer can do to ship more secure code
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account.