<h1 align="center">Finding security vulnerabilities with CodeQL</h1>
<h5 align="center">@ammohant and @ds-ms</h5>
<h5 align="center">Moderated by: @ganeshrockz and @shigupt202</h5>
<p align="center">
<a href="#mega-prerequisites">Prerequisites</a> •
<a href="#books-resources">Resources</a>
</p>

CodeQL is GitHub's expressive language and engine for code analysis, which allows you to explore source code to find bugs and security vulnerabilities. During these beginner-friendly workshops, you will learn to write queries in CodeQL and find known security vulnerabilities in open-source C++ code.
## :mega: Prerequisites
- Install Visual Studio Code.
- Install the CodeQL extension for Visual Studio Code.
- You do not need to install the CodeQL CLI: the extension will handle this for you.
- Set up the CodeQL starter workspace.
  - Important: Don't forget to use `git clone --recursive` or `git submodule update --init --remote` to update the submodules when you clone this repository. This allows you to obtain the standard CodeQL query libraries.
  - Open the starter workspace in Visual Studio Code: File > Open Workspace > Browse to `vscode-codeql-starter/vscode-codeql-starter.code-workspace` in your checkout of the starter workspace.
- Download and add the CodeQL database to be used in the workshop:
  - Please download this CodeQL database.
  - Unzip the database.
  - Import the unzipped database into Visual Studio Code:
    - Click the CodeQL icon in the left sidebar.
    - Place your mouse over Databases, and click the `+` sign that appears on the right.
    - Choose the unzipped database directory on your filesystem.
## :books: Resources
- Learning CodeQL
- Learning CodeQL for CPP
- Using the CodeQL extension for VS Code
- More about CodeQL on GitHub Security Lab
- CodeQL on GitHub Learning Lab