github / codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
☆8,561, updated last week
Alternatives and similar repositories for codeql
Users that are interested in codeql are comparing it to the libraries listed below
- Binaries for the CodeQL CLI ☆854, updated last month
- Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software. ☆1,926, updated this week
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. ☆12,359, updated this week
- Actions for running CodeQL analysis ☆1,314, updated this week
- Resources related to GitHub Security Lab ☆1,520, updated 2 weeks ago
- OSS-Fuzz - continuous fuzzing for open source software. ☆11,207, updated this week
- An extension for Visual Studio Code that adds rich language support for CodeQL ☆461, updated last week
- OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependen… ☆7,087, updated this week
- Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.… ☆2,518, updated last week
- OpenSSF Scorecard - Security health metrics for Open Source ☆5,005, updated this week
- 🤖 Dependabot's core logic for creating update PRs. ☆5,155, updated this week
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆949, updated this week
- Pilot program for CVE submission through GitHub. CVE Record Submission via Pilot PRs ending 6/30/2023 ☆1,485, updated last month
- "Understanding CodeQL in Depth" (《深入理解CodeQL》): Finding vulnerabilities with CodeQL. ☆1,660, updated last year
- Scalable fuzzing infrastructure. ☆5,422, updated this week
- Tutorials, examples, discussions, research proposals, and other resources related to fuzzing ☆3,682, updated 9 months ago
- RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security… ☆2,768, updated 3 months ago
- 📦 Make security testing of K8s, Docker, and Containerd easier. ☆4,310, updated 4 months ago
- weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interestin… ☆2,423, updated last year
- ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The foc… ☆13,976, updated this week
- Combination of multiple linters to run as a GitHub Action or standalone ☆9,986, updated last week
- LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Reque… ☆1,456, updated last year
- An OpenAPI description for GitHub's REST API ☆1,509, updated this week
- ⚙️ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more. ☆1,018, updated last week
- Gather and update all available and newest CVEs with their PoC. ☆7,109, updated this week
- This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-… ☆4,117, updated 2 weeks ago
- A static analysis tool for securing Go code ☆2,176, updated last year
- Snyk CLI scans and monitors your projects for security vulnerabilities. ☆5,179, updated this week
- A self-hosted Fuzzing-As-A-Service platform ☆2,834, updated last year
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems ☆7,412, updated this week