Alternatives and similar repositories for codeql:

Users that are interested in codeql are comparing it to the libraries listed below

• cldrn / codeql-queries
  My CodeQL queries collection
  ☆96Updated last year
• veracode-research / spring-view-manipulation
  When MVC magic turns black
  ☆291Updated 4 years ago
• mbechler / serianalyzer
  A static byte code analyzer for Java deserialization gadget research
  ☆241Updated 7 years ago
• microsoft / codeql-container
  Prepackaged and precompiled github codeql container for rapid analysis, deployment and development.
  ☆115Updated last year
• advanced-security / custom-codeql-bundle
  An example repository that demonstrates how the build custom CodeQL bundles that include query customizations through the `Customizations…
  ☆25Updated 2 years ago
• zbazztian / codeql-debug
  ☆71Updated 2 years ago
• pwntester / codeql_grehack_workshop
  GreHack 2021 CodeQL for Java workshop
  ☆75Updated 3 years ago
• Marcono1234 / codeql-java-queries
  Personal CodeQL queries
  ☆61Updated this week
• mogwailabs / rmi-deserialization
  Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
  ☆101Updated 5 years ago
• cdaller / security_taint_propagation
  Java taint propagation for java. Define tainted sources, sanitizer methods and sinks via aspects.
  ☆28Updated 6 years ago
• bahruzjabiyev / t-reqs
  Grammar-based HTTP/1 fuzzer with mutation ability
  ☆248Updated 4 months ago
• advanced-security / codeql-queries
  [Deprecated] GitHub's Field Team's CodeQL Custom Queries, Suites, and Configurations. See GitHubSecurityLab/CodeQL-Community-Packs instea…
  ☆82Updated 10 months ago
• j3ssie / codeql-docker
  Ready to use docker image for CodeQL
  ☆89Updated last year
• Contrast-Security-OSS / joogle
  A static analysis API for finding deserialization attack gadgets
  ☆38Updated 2 years ago
• synacktiv / QLinspector
  Finding Java gadget chains with CodeQL
  ☆167Updated 2 months ago
• PalindromeLabs / Java-Deserialization-CVEs
  Compiled dataset of Java deserialization CVEs
  ☆61Updated 4 years ago
• elttam / semgrep-rules
  ☆184Updated 4 months ago
• github / vscode-codeql-starter
  Starter workspace to use with the CodeQL extension for Visual Studio Code.
  ☆515Updated last week
• ZeddYu / HTTP-Smuggling-Lab
  Use HTTP Smuggling Lab to learn HTTP Smuggling.
  ☆347Updated 2 years ago
• veracode-research / actuator-testbed
  A vulnerable application exposing Spring Boot Actuators
  ☆121Updated 6 years ago
• Semmle / SecurityQueries
  Deprecated: Please visit https://github.com/github/codeql instead.
  ☆81Updated 2 years ago
• spaceraccoon / spring-boot-actuator-h2-rce
  Sample Spring Boot App Demonstrating RCE via Exposed env Actuator and H2 Database
  ☆104Updated 5 years ago
• Contrast-Security-OSS / go-test-bench
  Intentionally vulnerable Go web app.
  ☆43Updated last month
• KTH-LangSec / silent-spring
  Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
  ☆64Updated last year
• bahruzjabiyev / frameshifter
  Grammar-based HTTP/2 fuzzer with mutation ability
  ☆43Updated 2 years ago
• ossf-cve-benchmark / ossf-cve-benchmark
  The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas…
  ☆141Updated last year
• GitHubSecurityLab / gh-mrva
  Run CodeQL queries at scale using Multi-Repository Variant Analysis (MRVA)
  ☆58Updated last week
• cvebase / cvebase.com
  cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vul…
  ☆140Updated 3 years ago
• cldrn / InsecureProgrammingDB
  Insecure programming functions database
  ☆105Updated last year
• xiaofen9 / Lynx
  A Node.js vulnerability finding tool.
  ☆96Updated 4 years ago