Bleeping Computer

Microsoft shares CodeQL queries to scan code for SolarWinds-like implants

Microsoft has open-sourced CodeQL queries that developers can use to scan source code for malicious implants matching the SolarWinds supply-chain attack. In December, it was disclosed that threat ...
Neowin

Microsoft open sources CodeQL queries used in Solorigate investigation

Microsoft has open sourced the CodeQL queries that it used to identify malicious code implants from the Solorigate attack. CodeQL is an analysis engine used for code inspection, among other things.
ZDNet

Microsoft: We've open-sourced this tool we used to hunt for code by SolarWinds hackers

Microsoft is open-sourcing the CodeQL queries that it used to investigate the impact of Sunburst or Solarigate malware planted in the SolarWinds Orion software updates. Other organizations can use the ...
InfoQ

GitHub CodeQL Code Scanning Now Supports Setting Threat Model GitHub CodeQL Code Scanning Now Supports Setting Threat Model

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
InfoWorld

GitHub makes CodeQL free for research and open source

CodeQL, a semantic code analysis engine and query tool for finding security vulnerabilities across a codebase, has been made available for free by GitHub for anyone to use in research or to analyze ...