Code Monkey home page Code Monkey logo

codeql's Introduction

Finding security vulnerabilities with CodeQL

@adityasharad and @lcartey

Prerequisites โ€ข Resources

CodeQL is GitHub's expressive language and engine for code analysis, which allows you to explore source code to find bugs and security vulnerabilities. During these beginner-friendly workshops, you will learn to write queries in CodeQL and find known security vulnerabilities in open-source Java and JavaScript projects.

There are two workshops on this topic. Both will cover the basics of writing queries in CodeQL. The first will focus on Java, and the second will focus on JavaScript.

Workshop materials

Please complete the Prerequisites section (below) before the workshop. The following links contain the content that will be covered during the workshop:

  1. Thursday May 7 / 7:00am PDT: Finding security vulnerabilities in Java with CodeQL
  2. Thursday May 7 / 9:30am PDT: Finding security vulnerabilities in JavaScript with CodeQL

๐Ÿ“ฃ Prerequisites

  • Install Visual Studio Code.
  • Install the CodeQL extension for Visual Studio Code.
  • You do not need to install the CodeQL CLI: the extension will handle this for you.
  • Set up the CodeQL starter workspace.
    • Important: Don't forget to use git clone --recursive or git submodule update --init --remote to update the submodules when you clone this repository. This allows you to obtain the standard CodeQL query libraries.
    • Open the starter workspace in Visual Studio Code: File > Open Workspace > Browse to vscode-codeql-starter/vscode-codeql-starter.code-workspace in your checkout of the starter workspace.
  • Download and add the CodeQL database to be used in the workshop:
    • If you are attending Finding security vulnerabilities in Java with CodeQL, please download this CodeQL database.
    • If you are attending Finding security vulnerabilities in JavaScript with CodeQL, please download this CodeQL database
    • Unzip the database.
    • Import the unzipped database into Visual Studio Code:
      • Click the CodeQL icon in the left sidebar.
      • Place your mouse over Databases, and click the + sign that appears on the right.
      • Choose the unzipped database directory on your filesystem.

๐Ÿ“š Resources

codeql's People

Contributors

adityasharad avatar lcartey avatar xcorail avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.