Learn the basics of CodeQL and how to use it for security research! In this blog, we will teach you how to leverage GitHub’s static analysis tool CodeQL to write custom CodeQL queries.

The GitHub Blog provides updates, announcements, and insights from the world's leading software development platform, covering topics such as new features, community highlights, and industry trends. Developers can learn about GitHub's latest developments, best practices for collaboration, and tips for maximizing productivity on the platform.

GitHub Blog

CodeQL is a powerful static analysis tool developed by Semmle (acquired by GitHub in 2019) CodeQL uses data flow analysis and taint analysis to find code errors, check code quality and identify vulnerabilities. CodeQL queries are open-source, and anyone can create and contribute to CodeQL.

CodeQL zero to hero part 2: getting started with CodeQL

Common uses of CodeQL for security research and application security

QL query language—writing your own CodeQL query