News

Bleeping Computer4y
Microsoft shares CodeQL queries to scan code for SolarWinds-like implants
Microsoft has open-sourced CodeQL queries that developers can use to scan source code for malicious implants matching the SolarWinds supply-chain attack. In December, it was disclosed that threat ...
Visual Studio Magazine4y
Microsoft's Tools to Fight Solorigate Attack Are Now Open Source
[Click on image for larger view.] Basic CodeQL Query Structure (source: Microsoft). The project's Readme file titled "Working with Solorigate queries" lists many examples of specific queries used, ...
ZDNet4y
Microsoft: We've open-sourced this tool we used to hunt for code by SolarWinds hackers
Microsoft used CodeQL queries to analyze its source code and ... at any point in the development and release cycle. For example, we verify that the source file hashes generated by the compiler ...
ZDNet4y
GitHub: Now our built-in bug checker gets these third-party code-scanning tools
GitHub Code Scanning works on top of CodeQL (Query Language), a technology that GitHub integrated into its platform after it acquired code-analysis platform Semmle in September 2019. GitHub ...