Microsoft has open-sourced CodeQL queries that developers can use to scan source code for malicious implants matching the SolarWinds supply-chain attack. In December, it was disclosed that threat ...

Microsoft is open-sourcing the CodeQL queries that it used to investigate the impact of Sunburst or Solarigate malware planted in the SolarWinds Orion software updates. Other organizations can use ...

Basic CodeQL Query Structure (source: Microsoft). The project's Readme file titled "Working with Solorigate queries" lists many examples of specific queries used, both syntactic and semantic. For ...

Based on the CodeQL semantic code analysis technology acquired from Semmle, GitHub code scanning now can be enabled in users’ public repositories to discover security vulnerabilities in their ...

It also open sourced some tools it used to check its internal systems for any signs of compromise, called CodeQL queries. The GitHub-based project describes itself as a "semantic code analysis engine" ...