Top 10 codeql Open-Source Projects
-
codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
-
secure-code-game
A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.
-
codeql
GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript. (by githubsatelliteworkshops)
-
codeql-coding-standards
This repository contains CodeQL queries and libraries which support various Coding Standards.
-
Pixeebot
Pixeebot finds security and code quality issues in your code and inbound pull requests and creates merge-ready pull requests with recommended fixes. Pixeebot integrates with third party security tools such as Sonar, Semgrep, and CodeQL to automatically fix findings from each tool's scans.
Project mention: Show HN: GritQL, a Rust CLI for rewriting source code | news.ycombinator.com | 2024-03-20
apologies if this should be a discussion/issue/whatever but:
Do you envision going up against CodeQL and/or <https://www.jetbrains.com/help/qodana/about-qodana.html> by making semantic information available to the ast nodes? OT1H, I can imagine it could be an overwhelming increase in project scope, but OTOH it could also truly lead to some stunning transformation patterns
e.g. https://github.com/github/codeql/blob/v1.27.0/java/ql/exampl... or even more "textual" semantics such as
var foo = "hello".substring(1); // knowing "foo" is a String
Up your security skills with this in-repo learning experience. This season's game features five community-contributed challenges in JavaScript, Python, Go, and GitHub Actions. Start playing now.
Project mention: Show HN: Pixeebot – a GitHub App that fixes your Sonar findings (Java/Python) | news.ycombinator.com | 2024-03-25
https://github.com/pixee/pygoat/pull/2/files
The changes aren't all super fancy, but we're orienting towards solving real problems and remediating issues -- grunt work you don't want to have to do, but compliance says you should (and you probably should)!
Right now, we fix around 25 of the things that Sonar commonly finds (and a lot more that it doesn't find!). You can see the complete list of things we fix here:
https://docs.pixee.ai/codemods/overview/
I'll tell you, it's so much nicer to receive PRs than tool warnings.
To try it out:
1. Install the Pixeebot GitHub App on a Sonar-monitored GitHub repository
- https://github.com/apps/pixeebot
codeql related posts
-
Google Search Drops Cache Link from Search Results
-
Porsche Open Source Platform
-
Discover vulnerabilities across a codebase with semantic code analysis engine
-
GitHub introduces CodeQL, a new tool for automated code review and vulnerability
-
Blizzard has announced that the quest log cap will be increased to 35, after many years of staying capped at 25. Happy questing!
-
Soufflé: A Datalog Synthesis Tool for Static Analysis
Index
What are some of the best open-source codeql projects? This list will help you:
Rank | Project | Stars |
---|---|---|
1 | codeql | 7,156 |
2 | secure-code-game | 1,881 |
3 | codeql-action | 1,058 |
4 | go-ruleguard | 766 |
5 | codeql | 201 |
6 | codeql-coding-standards | 107 |
7 | codeql | 91 |
8 | my-readings | 29 |
9 | monorepo | 23 |
10 | Pixeebot | - |