GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript.


githubsatelliteworkshops/codeql

@adityasharad and @lcartey

Prerequisites | Resources

CodeQL is GitHub's expressive language and engine for code analysis, which allows you to explore source code to find bugs and security vulnerabilities. During these beginner-friendly workshops, you will learn to write queries in CodeQL and find known security vulnerabilities in open-source Java and JavaScript projects.

There are two workshops on this topic. Both will cover the basics of writing queries in CodeQL. The first will focus on Java, and the second will focus on JavaScript.

Workshop materials

Please complete the Prerequisites section (below) before the workshop. The following links contain the content that will be covered during the workshop:

  1. Thursday May 7 / 7:00am PDT: Finding security vulnerabilities in Java with CodeQL
  2. Thursday May 7 / 9:30am PDT: Finding security vulnerabilities in JavaScript with CodeQL

📣 Prerequisites

  • Install Visual Studio Code.
  • Install the CodeQL extension for Visual Studio Code.
  • You do not need to install the CodeQL CLI: the extension will handle this for you.
  • Set up the CodeQL starter workspace.
    • Important: Don't forget to use git clone --recursive or git submodule update --init --remote to update the submodules when you clone this repository. This allows you to obtain the standard CodeQL query libraries.
    • Open the starter workspace in Visual Studio Code: File > Open Workspace > Browse to vscode-codeql-starter/vscode-codeql-starter.code-workspace in your checkout of the starter workspace.
  • Download and add the CodeQL database to be used in the workshop:
    • If you are attending Finding security vulnerabilities in Java with CodeQL, please download this CodeQL database.
    • If you are attending Finding security vulnerabilities in JavaScript with CodeQL, please visit this project page on LGTM.com, create an account (you can log in via OAuth using a GitHub account), and click to download the latest database for JavaScript.
    • Unzip the database.
    • Import the unzipped database into Visual Studio Code:
      • Click the CodeQL icon in the left sidebar.
      • Place your mouse over Databases, and click the + sign that appears on the right.
      • Choose the unzipped database directory on your filesystem.
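
A quick way to confirm the submodule step above took effect before the workshop starts, as an added example that is not part of the workshop repository. The function names are hypothetical, and the parser assumes submodule paths contain no spaces.

```sh
#!/bin/sh
# Added example (not from the workshop repository): detect a starter-workspace
# checkout whose submodules were never fetched, which leaves the standard
# CodeQL query libraries missing.

# Read `git submodule status` output on stdin and print one line per
# submodule that is not in a clean state. The first character of each
# status line encodes the state:
#   ' '  initialized and matching the commit recorded in the index
#   '-'  not initialized (clone was made without --recursive)
#   '+'  checked-out commit differs from the one recorded in the index
#   'U'  merge conflicts
submodule_problems() {
    awk '
        /^-/   { print "uninitialized", $2 }
        /^[+]/ { print "differs-from-index", $2 }
        /^U/   { print "merge-conflict", $2 }
    '
}

# Run the check against a checkout (default: current directory).
# Returns 0 when every submodule is initialized and in sync, 1 otherwise.
check_submodules() {
    dir=${1:-.}
    problems=$(git -C "$dir" submodule status --recursive | submodule_problems)
    if [ -n "$problems" ]; then
        printf '%s\n' "$problems" >&2
        echo "run: git -C $dir submodule update --init --remote" >&2
        return 1
    fi
    return 0
}
```

Call check_submodules with the path to your checkout of the starter workspace; a non-zero exit means the query libraries are not fully in place yet.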

📚 Resources
