GitHub Security Lab

This is the main git repository of GitHub Security Lab. We use it for these main purposes:

CodeQL Resources

This section is yours! Do you want to share a cool CodeQL query with the community? Or an awesome tutorial or video, or some helpful tooling? Your contributions are welcome. Please open a pull request. See Contributing below.

Official resources

Example queries

The recommendations from the GitHub Security Lab are provided graciously and it's ultimately the responsibility of the recipients to apply them or not. This concerns recommendations given through our written or audio content, our conferences, our answers in our community spaces, or our informal office hours.

Contributing

We welcome contributions to the CodeQL_Queries sub-directory and to the CodeQL Resources section of this README.

If you have written a cool CodeQL query that you would like to share with the community, please open a pull request to add it to the CodeQL_Queries sub-directory. Put your query in its own new sub-directory, for example: CodeQL_Queries/cpp/mynewsubdir/mycoolquery.ql. Of course, if you think your query might be eligible for a bounty, you should open a pull request to the codeql repo instead, as we do not offer bounties for queries submitted to this repo. The queries in this repo are usually highly specialized queries that only make sense for a specific codebase, such as queries that specifically target Chrome or Apache Struts, or utility queries that help you explore your code without necessarily finding a vulnerability. Such queries are inappropriate for the codeql repo, which is for general-purpose queries only.
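As an added illustration of the kind of utility query described above (an example written for this README, not a query taken from this repository), the following CodeQL query for C/C++ lists calls to memcpy whose length argument is not a compile-time constant. It is an exploration aid for manual review, not a vulnerability finding, which is exactly the sort of query that belongs here rather than in the codeql repo. The directory name and the query id are assumptions; it would live at a path such as CodeQL_Queries/cpp/memcpy-length-review/MemcpyNonConstantLength.ql.

```ql
/**
 * @name Calls to memcpy with a non-constant length (review aid)
 * @description Lists every call to memcpy whose third (length) argument is
 *              not a compile-time constant, together with the enclosing
 *              function, as a starting point for manual review. Example
 *              query written for this README; the id below is assumed.
 * @kind problem
 * @problem.severity recommendation
 * @id cpp/example/memcpy-non-constant-length
 */

import cpp

from FunctionCall call
where
  // Match the global C library function by name, not a same-named method.
  call.getTarget().hasGlobalName("memcpy") and
  // memcpy(dst, src, n): argument index 2 is the length.
  not call.getArgument(2).isConstant()
select call,
  "memcpy with a non-constant length in " +
    call.getEnclosingFunction().getName() + "."
```

Run it with the CodeQL CLI against a database built from the codebase you are reviewing (codeql database analyze), and adapt the function name and argument index to whatever API you want to explore.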

If you would like to add a link to the CodeQL Resources section of this README, to share a nice video or an awesome tool, then just add another bullet point in the appropriate section.

Please see CONTRIBUTING.md, CODE_OF_CONDUCT.md, and LICENSE.md for further information on our contributing guidelines and license.