CodeQL is a semantic code analysis engine and query language developed by GitHub for finding security vulnerabilities and coding errors in software projects. Understanding CodeQL introduces readers to static code analysis techniques and software security practices. Readers can explore CodeQL's capabilities, query syntax, and integration with development workflows, helping them identify and fix security issues and software bugs proactively.

CodeQL

CodeQL zero to hero part 3: Security research with CodeQL

Link Underline Setting now GA

Push rules public beta

GitHub Native IP Allow List expands to EMU User Namespaces – Private Beta

CodeQL 2.17.0: Support for Java 22, Swift 5.10, TS 5.4, C# 12

GitHub-hosted runner images deprecation notice: Docker Compose v1

CodeQL threat model settings are now available for C# (beta)

WorkOS is now a GitHub secret scanning partner

Lightspeed is now a GitHub secret scanning partner

CodeQL can scan Java projects without a build