Find bugs in your code with CodeQL

Join us for 30 minutes to merge, a monthly 30-minute training session run by GitHub's engineers.

February’s session: Find bugs in your code with CodeQL by @jkcso

In this session, we will introduce CodeQL, a query language that lets us implement security checks as code, and we will demo how to write queries for vulnerabilities and misconfigurations so that they are identified as soon as they hit your CI/CD pipeline.
This is part of the Security as Code (SaC) methodology, which codifies security tests, scans, and policies. Security checks are built directly into the CI/CD pipeline so that vulnerabilities are detected automatically and continuously. Adopting SaC tightly couples application development with security and vulnerability management, while still letting developers focus on functionality. More importantly, it improves collaboration between Development and Security teams and helps nurture a culture of security across projects and organizations.

About our speaker:

Joseph makes cyber security easy for developers as part of his role at GitHub Security Lab. He chose this career path because, from a very young age, security was his own way to provide ethical and dedicated service to organisations and to society as a whole.
His most recent contributions to our ecosystem include the YouTube series "SecurityBites", where he educates developers on common software vulnerability patterns. Other highlights include two engineering degrees focused on software and security, a zero-day vulnerability in a Top 10 cryptocurrency in 2018, and open-source contributions to Intelligence & Blockchain.