Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-codeql
A curated list of awesome CodeQL resources.
https://github.com/advanced-security/awesome-codeql
Last synced: 4 days ago
CodeQL [Packs](https://docs.github.com/en/code-security/codeql-cli/using-the-codeql-cli/publishing-and-using-codeql-packs)
- GitHub-maintained packages
- GitHub Security Lab community - Collection of community-driven CodeQL query, library and extension [packages](https://github.com/orgs/githubsecuritylab/packages)
- codeql-queries - CodeQL queries and [packs](https://github.com/orgs/trailofbits/packages?ecosystem=all&q=repo%3Atrailofbits%2Fcodeql-queries) developed by Trail of Bits
- GitHub codeql-coding-standards - CodeQL queries and libraries supporting various coding standards (AUTOSAR C++, CERT C++, CERT C, MISRA C)
CodeQL Queries/Bundles
- Microsoft solorigate queries
- GitHub codeql-coding-standards-bundle-releases - CodeQL bundles containing the CodeQL Coding Standards queries
CodeQL Query Suites
- Only Critical Queries sample .qls
- OWASP Top 10 CWE Only .qls
- CodeQL per Suite Query list - download the attached `code-scanning-query-list.csv` artifact.
CodeQL Troubleshooting
CodeQL Actions Helpers
- sarif-toolkit - Allows users to split up SARIF files that use submodules into multiple SARIF files that are then published to their appropriate repositories.
- set-codeql-language-matrix - Automatically set the CodeQL matrix job using the languages in your repository.
- filter-sarif - GitHub Action for filtering Code Scanning alerts by path and id
- codeql-debug - Add this action to an existing CodeQL analysis workflow to generate an html report
- dismiss-alerts - Dismisses GitHub Code Scanning alerts from `//codeql[supress reason]` style comments on the default branch
- adjust-cvss - Adjust the severity of the CVSS score assigned to a result in SARIF file
- codeql-sarif-security-standard-annotator - Add an `owasp-top10-2021` tag to relevant results
- delombok - Delombok Java Code for analysis with Code Scanning (deprecated - now [supported by CodeQL](https://github.blog/changelog/2023-09-01-code-scanning-with-codeql-improves-support-for-java-codebases-that-use-project-lombok/))
- badge-generator - [![CodeQL](https://github.com/MichaelCurrin/badge-generator/workflows/CodeQL/badge.svg)](https://github.com/MichaelCurrin/badge-generator/actions?query=workflow%3ACodeQL "Code quality workflow status") Magically generate Markdown badges for your docs 🛡️ 🦡 🧙
CodeQL SARIF
- Visual Studio SARIF Viewer - Visual Studio Static Analysis Results Interchange Format (SARIF) log file viewer
- VSCode SARIF Viewer - Adds support for viewing SARIF logs in Visual Studio Code
- IntelliJ SARIF Viewer
- psastras/sarif-rs-sarif-fmt - This crate provides a command line tool to pretty-print SARIF files into easily human-readable output.
- SARIF Viewer Web Component
CodeQL Containers
- codeql_container_example - Example showing how to use CodeQL to scan containerized applications in GitHub Actions.
- codeql-docker - CodeQL Docker image
- codeql-container - Prepackaged and precompiled GitHub CodeQL container for rapid analysis, deployment and development.
- codeql-container-builds - Blog walking through the complexities of implementing containerized CodeQL workloads sprinkled with bits of Kubernetes wisdom.
CodeQL Samples
- Python Pickle - mapping a custom framework in python
- sample-pipeline-files - This repository contains pipeline files for various CI/CD systems (AWS CodeBuild, Azure DevOps, CircleCI, DroneCI, Jenkins, Tekton, Travis), illustrating how to integrate the CodeQL CLI Bundle for automated code scanning
CodeQL Configuration Documentation
CodeQL Query Writing Documentation
CodeQL Query Writing
Documentation
Blogs
YouTube learning
- Find bugs in your code with CodeQL
- Finding security vulnerabilities in JavaScript with CodeQL
- Finding security vulnerabilities in Java with CodeQL
- Finding security vulnerabilities in C/C++ with CodeQL
- CodeQL as an Audit Oracle
Why
CodeQL Getting Started and Guides (alongside the [official docs](https://codeql.github.com/docs/))
- testing-handbook - The [Trail of Bits Testing Handbook](https://appsec.guide/docs/static-analysis/codeql/) is a resource that guides developers and security professionals in configuring, optimizing, and automating many of the static and dynamic analysis tools used at Trail of Bits.
- GitHub Security Lab - From trying out CodeQL to secure your own code to collecting bug bounties by securing others', here are a few ways we can keep the world's software safe, together.
CodeQL Installers
- grab_ql - Grab some/all of CodeQL CLI binary, QL library, VSCode starter workspace, VSCode and VSCode QL extension
- codeql-jupyter-kernel - Jupyter Kernel for CodeQL
- codeql-anywhere - Put the power of CodeQL in your pocket, take it with you to any CI 🚀
CodeQL CLI Tooling
- gh-codeql - GitHub CLI extension for working with CodeQL
- gh-codeql-scan - GH CLI CodeQL Scan Extension
- gh-mrva - Multi-repo variant analysis CLI support
CodeQL Customizations
- codeql-summarize - CodeQL Summary Generator to generate Models as Data (MaD) from CodeQL databases.
CodeQL Tooling (Bundles + Packs)
- codeql-bundle-action - Action to retrofit a CodeQL bundle with additional queries, libraries, and customizations
- gh-tailor - A tool for customizing CodeQL packs.
CodeQL Actions Samples
- parallel-code-scanning - An example of a GitHub Actions workflow showing how code scanning with CodeQL can be parallelized on monorepos.
- multi-lang-monorepo - A repo that demonstrates using an Actions workflow Job matrix to run parallel CodeQL scans on applications in a monorepo.
CodeQL Enforcement
- advanced-security-enforcer - A GitHub action for organizations that enables advanced security code scanning on all new repos
- codeql-selective-analysis - Make CodeQL a required status check for pull requests, but skip the analysis when only a certain subset of files is modified
CodeQL Extractors
- codeql-extractor-iac - CodeQL Extractors, Library, and Queries for Infrastructure as Code ( Terraform / HCL, JSON, YAML, Container files, Bicep )
- codeql-kaleidoscope - CodeQL for LLVM Kaleidoscope ([AST/CFG/SSA/Dataflow in separate commits](https://github.com/aibaars/codeql-kaleidoscope/commits/main/))
- Powershell Extractor - CodeQL extractor, sample queries, and tools for Powershell
- CyScout Solidity Extractor