Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

awesome-codeql

A curated list of awesome CodeQL resources.
https://github.com/advanced-security/awesome-codeql

Last synced: 4 days ago
JSON representation

CodeQL [Packs](https://docs.github.com/en/code-security/codeql-cli/using-the-codeql-cli/publishing-and-using-codeql-packs)
- GitHub-maintained packages
- GitHub Security Lab community - Collection of community-driven CodeQL query, library and extension [packages](https://github.com/orgs/githubsecuritylab/packages)
- codeql-queries - CodeQL queries and [packs](https://github.com/orgs/trailofbits/packages?ecosystem=all&q=repo%3Atrailofbits%2Fcodeql-queries) developed by Trail of Bits
- GitHub codeql-coding-standards - This repository contains CodeQL queries and libraries which support various Coding Standards. (AUTOSAR C++, CERT-C++,CERT C, MISRA C)
CodeQL Queries/Bundles
- Microsoft solorigate queries
- GitHub codeql-coding-standards-bundle-releases - CodeQL bundles containing the CodeQL Coding Standards queries
CodeQL Query Suites
- Only Critical Queries sample .qls
- OWASP Top 10 CWE Only .qls
- CodeQL per Suite Query list - download the attached `code-scanning-query-list.csv` artifact.
CodeQL Troubleshooting
- CodeQL Build Failure Troubleshooting
- GitHub SARIF Upload Troubleshooting
- CodeQL Coding Standards - Hazard and risk analysis
CodeQL Actions Helpers
- sarif-toolkit - Allows users to split up SARIF files that use submodules into multiple SARIF files that are then published to there appropriate repositories.
- set-codeql-language-matrix - Automatically set the CodeQL matrix job using the languages in your repository.
- filter-sarif - GitHub Action for filtering Code Scanning alerts by path and id
- sarif-toolkit - Allows users to split up SARIF files that use submodules into multiple SARIF files that are then published to there appropriate repositories.
- codeql-debug - Add this action to an existing CodeQL analysis workflow to generate an html report
- dismiss-alerts - Dismisses GitHub Code Scanning alerts from `//codeql[supress reason]` style comments on the default branch
- adjust-cvss - Adjust the severity of the CVSS score assigned to a result in SARIF file
- codeql-sarif-security-standard-annotator - Add an `owasp-top10-2021` tag to relevant results
- delombok - Delombok Java Code for analysis with Code Scanning (deprecated - now [supported by CodeQL](https://github.blog/changelog/2023-09-01-code-scanning-with-codeql-improves-support-for-java-codebases-that-use-project-lombok/))
- badge-generator - [![CodeQL](https://github.com/MichaelCurrin/badge-generator/workflows/CodeQL/badge.svg)](https://github.com/MichaelCurrin/badge-generator/actions?query=workflow%3ACodeQL "Code quality workflow status") Magically generate Markdown badges for your docs 🛡️ 🦡 🧙
CodeQL SARIF
- Visual Studio SARIF Viewer - Visual Studio Static Analysis Results Interchange Format (SARIF) log file viewer
- VSCode SARIF Viewer - Adds support for viewing SARIF logs in Visual Studio Code
- IntelliJ SARIF Viewer
- psastras/sarif-rs-sarif-fmt - This crate provides a command line tool to pretty print SARIF files to easy human readable output.
- SARIF Viewer Web Component
CodeQL Containers
- codeql_container_example - Example showing CodeQL to scan containerized applications in GitHub Actions.
- codeql-docker - CodeQL Docker image
- codeql-container - Prepackaged and precompiled github codeql container for rapid analysis, deployment and development.
- codeql-container-builds - Blog walking through the complexities of implementing containerized CodeQL workloads sprinkled with bits of Kubernetes wisdom.
CodeQL Samples
- Python Pickle - mapping a custom framework in python
- sample-pipeline-files - This repository contains pipeline files for various CI/CD systems (AWS CodeBuild, Azure Devops, CircleCI, DroneCI, Jenkins, Tekton, Travis), illustrating how to integrate the CodeQL CLI Bundle for Automated Code Scanning
CodeQL Configuration Documentation
- Custom Configuration File
CodeQL Query Writing Documentation
- How to write CodeQL Queries
- CodeQL Language Guide
- QL Language reference
- CodeQL Standard Libraries
- CodeQL Query Help
CodeQL Query Writing
- Documentation
  - Full CodeQL Documentation
- Blogs
  - CodeQL zero to hero series
- YouTube learning
Why
- YouTube learning
  - What is an awesome list?
CodeQL Getting Started and Guides (along side the [official docs](https://codeql.github.com/docs/))
- testing-handbook - The [Trail of Bits Testing Handbook](https://appsec.guide/docs/static-analysis/codeql/) is a resource that guides developers and security professionals in configuring, optimizing, and automating many of the static and dynamic analysis tools used at Trail of Bits.
- GitHub Security Lab - From trying out CodeQL to secure your own code to collecting bug bounties by securing others', here are a few ways we can keep the world's software safe, together.
CodeQL Installers
- grab_ql - Grab some/all of CodeQL CLI binary, QL library, VSCode starter workspace, VSCode and VSCode QL extension
- codeql-jupyter-kernel - Jupyter Kernel for CodeQL
- codeql-anywhere - Put the power of CodeQL in your pocket, take it with you to any CI 🚀
CodeQL CLI Tooling
- gh-codeql - GitHub CLI extension for working with CodeQL
- gh-codeql-scan - GH CLI CodeQL Scan Extension
- gh-mrva - Multi-repo variant analysis CLI support
CodeQL Customizations
- codeql-summarize - CodeQL Summary Generator to generate Models as Data (MaD) from CodeQL databases.
CodeQL Tooling (Bundles + Packs)
- codeql-bundle-action - Action to retrofit a CodeQL bundle with additional queries, libraries, and customizations
- codeql-bunldle - CLI to build a custom CodeQL bundle
- gh-tailor - A tool for customizing CodeQL packs.
CodeQL Actions Samples
- parallel-code-scanning - An example of a GitHub Actions workflow showing how code scanning with CodeQL can be parallelized on monorepos.
- multi-lang-monorepo - A repo that demonstrates using an Actions workflow Job matrix to run parallel CodeQL scans on applications in a monorepo.
CodeQL Enforcement
- advanced-security-enforcer - A GitHub action for organizations that enables advanced security code scanning on all new repos
- codeql-selective-analysis - Make CodeQL a required status check for Pull Requests, but to skip the analysis in the case that only a certain subset of files are modified
CodeQL Extractors
- codeql-extractor-iac - CodeQL Extractors, Library, and Queries for Infrastructure as Code ( Terraform / HCL, JSON, YAML, Container files, Bicep )
- codeql-kaleidoscope - CodeQL for LLVM Kaleidoscope ([AST/CFG/SSA/Dataflow in separate commits](https://github.com/aibaars/codeql-kaleidoscope/commits/main/))
- Powershell Extractor - CodeQL extractor, sample queries, and tools for Powershell
- CyScout Solidity Extractor

Programming Languages

Python 7 CodeQL 5 Shell 4 TypeScript 4 Java 3 JavaScript 2 C# 2 PowerShell 1 C++ 1

Ecosyste.ms: Awesome

awesome-codeql

CodeQL [Packs](https://docs.github.com/en/code-security/codeql-cli/using-the-codeql-cli/publishing-and-using-codeql-packs)

CodeQL Queries/Bundles

CodeQL Query Suites

CodeQL Troubleshooting

CodeQL Actions Helpers

CodeQL SARIF

CodeQL Containers

CodeQL Samples

CodeQL Configuration Documentation

CodeQL Query Writing Documentation

CodeQL Query Writing

Documentation

Blogs

YouTube learning

Why

YouTube learning

CodeQL Getting Started and Guides (along side the [official docs](https://codeql.github.com/docs/))

CodeQL Installers

CodeQL CLI Tooling

CodeQL Customizations

CodeQL Tooling (Bundles + Packs)

CodeQL Actions Samples

CodeQL Enforcement

CodeQL Extractors